To this point we have discussed the need for a data classification policy in an organization and the need to have the proper structure, incentives and capabilities around user awareness, training and incident response to educate the community with regard to that policy on an ongoing basis.
To properly monitor and enforce those policies, there needs to be a sound implementation of appropriate technology solutions to provide the "teeth" for the policies and processes established around the protection of data and information in the enterprise.
There are several technical elements that make a good information and data protection framework. These elements include:
- Mature Identity Infrastructure
- Digital or Enterprise Rights Management
- Data Leakage Prevention
Identity infrastructure is the base on which the majority of the other tools and solution types are dependent to properly operate. Without proper identity there can be no consistent assignment of rights and privileges to information resources across the enterprise. Most organizations have many moving parts in their identity infrastructures. Invariably some parts are either missing or not working up to their full potential. Without a viable identity infrastructure, many of the tools specifically designed for monitoring and protecting information and data will have only limited success at best; at worst they could possibly be seen as a failure. Once there is a solid identity infrastructure in place with a granular set of user attributes, additional solutions can be deployed for the protection of data and information.
Digital Rights Management (DRM) solutions encrypt content at a document level making use of access and authorization criteria from identity infrastructure to prevent the misuse, modification, loss or theft of intellectual property and sensitive information.
In contrast Data Leakage Prevention (DLP) solutions monitor for content on networks and endpoints based on defined criteria such as tags in documents, key word searches and so forth. As content is scanned and the criteria of the search parameters are met, rules are triggered. In less sophisticated solutions, these triggered rules result in some type of alert, typically an email to an administrator who makes decisions and inquiries based on established response procedures. In more sophisticated solutions, content can actually be interdicted or quarantined by the solution based on a rule set.
At first blush, DRM and DLP appear to be competing and mutually exclusive solutions that take different approaches to solving the same issue. There have been equal amounts of controversy and confusion in the market place regarding these types of solutions, which in many ways has slowed the maturity of the solution sets and their mainstream acceptance in the market place.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.