Tuesday, September 13, 2016

Are Traditional Data Leakage Software Money Leakage Software?


For enterprises, data leakage has been a major challenge for decades. It is estimated that cyber crimes (of which data leakage has the major share) cost nearly 450 Billion USD in a year. Over the last few years, the cost of combating data leakage has increased manyfold.

Companies like Digital Guardian (earlier Verdasys), McAfee (now Intel), Symantec and Websense have been providing DLP software for the past 20+ years. Fortunately or unfortunately, these software applications have reached maturity in terms of their product life cycles but are still failing miserably on many fronts.

In short, these traditional DLP products install a system-driver-like application (called a monitoring agent) which hooks the operating system's file management and network modules and starts monitoring various activities. These agents are controlled by a central policy server which allows or disallows various activities, e.g. whether a user can open a sales document, or whether he is allowed to copy that file to a USB drive. So far so good...

These traditional DLP products pose the following challenges to their customers and are slowly turning into money leakage software:

1. Big Software Means Big Administration Costs: Generally these products carry huge costs and assume that their customers have a big pool of administrators. Often deploying, learning and running the software are themselves projects that take until the end of the year. Hiring a dedicated team and training it to manage the software are recurring costs.

2. Multiple Updates and Patches Drain Customers' Money and Time: It is a pretty common scene. Along with OS updates or other major software updates (e.g. MS Office or Adobe Photoshop), these DLP products start crashing. Blue Screens of Death are quite common on the Windows front. The DLP vendor has to release updates and fixes, which add to customers' accounts. Often downloading and deploying the updates itself becomes a task that takes until the end of the quarter.

3. Competing With Anti-Virus Software and Other Security Applications: DLP monitoring agents use the same principle to scan files, and the two often start blocking each other. There is always a performance hit because two agents are sequentially doing the same task, i.e. opening a file, scanning it and taking a preventive control action. Similarly, DLP monitoring agents conflict with software backup agents and increase backup time (sometimes exponentially).

4. BYOD Dilemma: Unfortunately, traditional DLP software is lagging behind on the BYOD front. A customer's employee brings his laptop or mobile device, which has endless unmanaged applications and vulnerable hardware ports like webcam, Bluetooth, NFC, Wi-Fi, 3G/4G, GPS etc. VPN remote access, SMS and other VoIP communication protocols need monitoring.

5. Poorly Focused UX or XD: This is really unfortunate; most DLP software was designed with security as the primary focus. The least attention was paid to user behavior. These traditional DLP Frankensteins generally have poor and confusing interfaces. Often the reporting and administration interfaces are designed around desktop usage of the application. Little attention is paid to the fact that other stakeholders are using other types of devices. Are BYOD-monitoring DLP products themselves BYOD savvy?

On the customer's end, one must assess whether the DLP software one is planning to procure and deploy would prevent both data leakage and money leakage!
