Data Leakage Prevention (DLP) practices are implemented in order to prevent the unauthorized distribution of confidential/private information. Because email was not originally developed with security as a top priority, the transfer of sensitive information is immediately exposed to a range of threats. The limitations of the SMTP protocol, industrial espionage, disgruntled employees and the growing frequency of identity theft represent only a fraction of the threats to an organization’s emails. While these threats are real and must be addressed, it is crucial that a DLP system and policy be consistent with a company’s overall strategy so that employee expectations about privacy can be reasonably managed.
Privacy
Sensitive information is typically characterized by keywords, textual or numerical patterns (e.g. credit card numbers, social security numbers) and other content-related phrases. PineApp’s policy-driven DLP module, for instance, scans all outgoing emails for content that matches an organization’s own policy definitions. An email flagged by these predefined criteria is immediately intercepted, and system administrators are instantly notified.
While it may be obvious to company management that all emails ought to be reviewed and scanned for security purposes, a company must make it clear to their employees that someone is NOT reading every email in their system. This “Big Brother” perception must be acknowledged and addressed from the very beginning stages of a DLP policy development.
When applying DLP to an organization’s email server, IT managers need to maintain a delicate balance between their company’s security interests and the end-user’s privacy. This balance is only possible through a coherent policy that is aligned with the management of sensitive data in all facets of the organization.
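As an added illustration (not PineApp’s code), the policy-driven outbound scan described above can be modelled as a small mail filter: a constructed policy of patterns, a Luhn validator that prunes random digit runs such as order numbers, and an admin alert that carries only a redacted sample so the notification itself does not become a second copy of the sensitive value. The rule names, the sample message and the `scan_outgoing` function are assumptions for this example.

```python
import re
from email import message_from_string

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits in candidate; rejects most random digit runs."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(candidate) if c.isdigit()):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

# Constructed policy: (rule name, pattern, optional validator that prunes false positives).
POLICY = [
    ("credit_card", re.compile(r"\b(?:\d[ -]?){13,16}\b"), luhn_ok),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    ("keyword", re.compile(r"\b(?:confidential|internal only)\b", re.IGNORECASE), None),
]

def redact(token: str) -> str:
    """Keep only the last four characters so the alert never carries the full value."""
    return "*" * max(len(token) - 4, 0) + token[-4:]

def message_text(raw: str) -> str:
    """Subject plus every text/plain part; attachments and HTML are out of scope here."""
    msg = message_from_string(raw)
    parts = [p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join([msg.get("Subject", "")] + parts)

def scan_outgoing(raw: str) -> dict:
    """Apply every policy rule; any validated hit intercepts the mail and notifies admins."""
    text = message_text(raw)
    findings = []
    for rule, pattern, validator in POLICY:
        for m in pattern.finditer(text):
            if validator is None or validator(m.group()):
                findings.append({"rule": rule, "sample": redact(m.group())})
    return {"action": "intercept" if findings else "deliver",
            "notify_admin": bool(findings), "findings": findings}

# Constructed sample: a Luhn-valid test card number, a random 16-digit order reference,
# an SSN-shaped value and a policy keyword.
SAMPLE = """From: alice@example.com
To: partner@example.net
Subject: order details

Card on file: 4111 1111 1111 1111, order ref 1234 5678 9012 3456.
Applicant SSN 123-45-6789. Internal only.
"""

if __name__ == "__main__":
    print(scan_outgoing(SAMPLE))
```

The order reference is never reported because it fails the Luhn check, which is the kind of tuning that keeps administrators from reviewing mail that was never actually sensitive.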
Original Post from: PineApp (http://pineapp.wordpress.com/2010/08/31/a-delicate-balance-dlp-and-privacy/)