Data Loss Prevention (DLP) describes a plan for companies to control the sending of sensitive data. For example, this can include controls that stop the flow of sensitive data, or that ensure sensitive data is always well-encrypted (for compliance) when sent.
In the context of email, DLP is usually achieved through the following formula:
- Construct a list of words, phrases, or patterns that, if they are present in an email, signify an email message that may contain sensitive information.
- Have all outbound email scanned for these words, phrases, or patterns.
- For messages that match, take action:
  - Block: Refuse to send the message, or
  - Encrypt: Ensure that the message is encrypted
  - Audit: Optionally, also send a copy of the message to an “auditor”
This classic DLP system is available through many email providers and has been available at LuxSci for many years as well. However, it does have a glaring limitation — no matter how complete and complex your DLP pattern list is, it is almost certain that some messages containing sensitive information will not quite match (or the information will be embedded in attachments that can’t be searched properly). If they do not match, then they will escape in a way that may be considered a breach.
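The following sketch runs the pattern-list workflow above and shows both escape routes just described. It is an added example, not LuxSci's code; the rule names, patterns, addresses and sample messages are constructed assumptions.

```python
import re
from email.message import EmailMessage

# Constructed rule list (name, pattern, action); not any provider's real rules.
RULES = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "block"),
    ("phi-keyword", re.compile(r"\b(?:diagnosis|medical record|patient id)\b", re.I), "encrypt"),
]
SEVERITY = {"send": 0, "encrypt": 1, "block": 2}

def searchable_text(msg):
    """Return subject plus all text/* parts, and the names of parts not scanned."""
    chunks, skipped = [str(msg.get("Subject", ""))], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())
        else:
            skipped.append(part.get_filename() or part.get_content_type())
    return "\n".join(chunks), skipped

def evaluate(msg, audit=True):
    """Apply every rule; the most restrictive matching action wins."""
    text, skipped = searchable_text(msg)
    hits = [(name, action) for name, rx, action in RULES if rx.search(text)]
    action = max((a for _, a in hits), key=SEVERITY.get, default="send")
    return {"action": action, "rules": [n for n, _ in hits],
            "audit_copy": audit and bool(hits), "unscanned_parts": skipped}

def make_msg(subject, body, attachment=None):
    """Build a constructed outbound message for the demo."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.net", subject
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="octet-stream", filename="scan.bin")
    return msg

if __name__ == "__main__":
    samples = [  # constructed messages
        make_msg("Form", "Her SSN is 123-45-6789."),           # exact match
        make_msg("Follow-up", "The diagnosis is enclosed."),   # keyword match
        make_msg("Form", "Her SSN is 123 45 6789."),           # near miss
        make_msg("Form", "See attached.", b"SSN 123-45-6789"),  # in attachment
    ]
    for m in samples:
        print(evaluate(m))
```

The last two samples are sent unmodified even though they carry the same number as the first; reporting `unscanned_parts` at least lets an operator see which messages left with content the scanner never inspected.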