Data Loss Prevention Best Practices
Managing Sensitive Data in the Enterprise
A report from IronPort Systems
With a foreword by Bradley R. Hunter
A Messaging Media publication
Table of Contents
Foreword by Bradley R. Hunter
Introduction
Defining the Data Loss Problem
What Data is Sensitive?
Regulatory Compliance
Intellectual Property Protection
Why is Data Loss So Prevalent?
Sizing Up the Data Loss Problem
Getting to the Heart of the Matter: Uncontrolled Communications
Putting Teeth in Corporate Policy: The DLP Traffic Cop
Appropriate Use Enforcement
Best Practice #1: Take Time to Define DLP Needs
Best Practice #2: Prioritize the DLP Focus
Best Practice #3: Ensure Effective, Comprehensive Coverage
Best Practice #4: Make the Solution Unobtrusive
Best Practice #5: Look for Work Flow, Administration and Reporting
Best Practice #6: Combine Best-of-Breed Solutions
Conclusion
Appendix: Regulatory Compliance
Special Section: IronPort Stops Data Loss in its Tracks
DISCLAIMER: The law in this area changes rapidly and is subject to differing interpretations. It is
up to the reader to review the current state of the law with a qualified attorney and other professionals
before relying on it. Neither the authors nor IronPort make any guarantees or warranties regarding the
outcome of the uses to which this material is put. This paper is provided with the understanding that the
authors and IronPort are not engaged in rendering legal or professional services to the reader.
Copyright © 2000-2007 Cisco Systems, Inc. All rights reserved. IronPort, the IronPort logo and
SenderBase are registered trademarks of Cisco Systems, Inc. All other trademarks are the property of
Cisco Systems, Inc. or their respective owners. While every effort is made to ensure the information given
is accurate, Cisco does not accept liability for any errors or mistakes which may arise. Specifications and
other information in this document may be subject to change without notice.
Foreword
by Bradley R. Hunter
Consider the Herculean efforts today to protect the network from threats:
intrusion prevention systems scan packets for potentially damaging content;
email security systems check for viruses in email content and firewalls block
unsolicited connections. To stop the onslaught of threats to corporate and
government networks, a host of software and appliances are being deployed
daily. In general, these border police applications are doing a fairly decent
job of stopping unauthorized intrusion at the door to your network.

But what about organizational insiders? Which applications or appliances are
scrutinizing the information being passed out of the network? Intrusion
prevention systems and firewalls aren't looking for intellectual property
sliding out the door right under their virtual noses. Specifically in health
care organizations, what about patient information sent unprotected over
the Internet to another provider? Add in the always-changing regulatory
environment, and security is a unique challenge. All it takes is one misstep
to compromise sensitive information. These are legitimate, authorized users
communicating in an above-board way but potentially exposing sensitive
data in the process. This is the core of the immensely complex problem
of data loss.

To address the data loss problem, organizations need to focus now on
content filtering and blocking of electronic communications leaving the
network, and not just email, but instant messaging (IM), webmail, HTTP
and FTP communications as well. All avenues of electronic communication
need to be policed to prevent intellectual property, financial information,
patient information, personal credit card data, and a variety of sensitive
information (depending on the business and the industry) from falling
into the wrong hands.

IronPort's email security products have the exclusive endorsement of the
American Hospital Association (AHA).

There are two key capabilities required for content filtering: high performance
and the ability to accurately scan nearly anything. Let's begin with the former.
With today's ever-increasing bandwidth requirements, high performance is
a must. Anything short of line speed would introduce a noticeable delay to
end-users. And it must be scalable. As your network traffic increases, which
it surely will (and at a rate even faster than you anticipate), your chosen
solution must scale to keep pace with both volume and network bandwidth.

The ability to accurately scan nearly anything is a critical competency.
Content monitoring tools look at the content, scan and detect sensitive data,
and mitigate risk through automated blocking or encryption of outgoing
messages based on policy requirements.

But the trick is to get the accuracy right. Detection accuracy and the
ability to define granular policies are what content scanning tools require
to avoid both letting leaks through and generating too many false positives.

Across all key protocols, a high-performance, intelligent data loss prevention
(DLP) solution is a must-have for today's organizations. Decision-makers
should look to vendors with deep expertise in content scanning and select a
best-of-breed DLP solution.

Bradley R. Hunter
Director, Technology Solutions
American Hospital Association Solutions, Inc.

The average information leak costs organizations approximately $182 per
record, averaging roughly $4,800,000 per breach in total.
Source: The Ponemon Institute

Introduction
While a great deal of attention has been given to protecting companies'
electronic assets from outside threats, from intrusion prevention systems to
firewalls to vulnerability management, organizations must now turn their
attention to an equally dangerous situation: the problem of data loss from
the inside.

In fact, in many organizations there's a gaping hole in the controlled,
secure environment created to protect electronic assets. This hole is the
now ubiquitous way businesses and individuals communicate with each
other over the Internet.

Whether it's email, instant messaging, webmail, a form on a website, or
file transfer, electronic communications exiting the company still go largely
uncontrolled and unmonitored on their way to their destinations, with the
ever-present potential for confidential information to fall into the wrong