Leveraging Data Loss Prevention Software to Prevent DataLeaks

Blue Shield of California recently mistakenly placed clients’ social security numbers at

risk. Approximately 18,000 are being notified about how their SSIDs were publicly

released. In order to manage this crisis, the Department of Managed Health Care

employed data loss prevention software to swiftly analyze all information, so they could

report if all the confidential information was not excluded. In addition, Blue Shield has

revamped their security and operations procedures involving submitting information to

the DMHC, by multiple reviews and monitoring features. Furthermore, all subjects of

data breach are being alerted of the catastrophe. Blue Shield seems to be taking extra

precautions, even though Sara Ream, privacy offer with the DMHC states, “We have no

reason to believe that your personal information has been misused”.

According to the official breach letter, “As a result of this incident, the DMHC and Blue

Shield have instituted additional protections to safeguard against future inadvertent

disclosure of confidential personal information. The DMHC has acquired and installed

data loss prevention software to scan all documents health plans submit to the DMHC via

the DMHC’s electronic filing system to alert the DMHC if confidential information, such

as SSNs, is included. The DMHC is also working with health plans to ensure that they do

not inadvertently include confidential information in otherwise public documents.”

According to Preston Partners Andrew Horton, “Its crucial that enterprises fend off data

threats by adopting data loss prevention software.”

As more and more devices flood into the enterprise, the risk of losing sensitive corporate

data increases. One solution for enterprises is to deploy content-aware Data LossPrevention (DLP) technology, which checks data at rest or in motion and can carry out

responses, from data notification to active blocking of content.

The market for such products is only in its infancy, and is bound to boom in the coming

years. Research consultancy group Gartner estimates that the enterprise Data loss

prevention market size will approach $670 million this year, a figure that is significantly

larger than $535 million in 2012, and $425 million in 2011.

Data Loss Prevention provides enterprises the ability to operate a large set of data, and

gain complete insight and visibility of the movement of data on their own network, as

well as mobile devices and removable media. While powerful, data loss prevention

software can’t operate on its own. Data loss prevention software requires a well thought

out and designed strategy to direct it for maximum utility and success.

In order to initiate a strategy, an enterprise should first declare its data loss prevention

policy, and decided as to which exact devices may be used to access the company

network. Then onwards, the enterprise should accept and provide commitment to the data

loss prevention policy proposed. Effective implementation methods require participation

and management from executive team members, information technology team members,

as well as individual users. It’s important that users are educated as to appropriate

procedures and penalties for violations. Furthermore, it is crucial to acquire commitment

from the owners of highly sensitive data. Owners can leverage data loss prevention

software to sculpt the requirements to their preference.