One of the famous canons in the Jewish Passover “seder” ritual is 4 questions from 4 sons – the son who is wise, the son who is wicked, the son who is innocent and the son who doesn’t know enough to ask.
I sometimes have this feeling of déjà vu when considering data security technology solutions. Although the analogy is not at all parallel – I have written a list of 4 questions to be asked when considering a DLP solution – these questions require clear, authoritative answers just like in the Passover seder (להבדיל).
- What is the key threat scenario?
- How much Value at Risk is on the table?
- Who owns the project?
- Does the DLP technology fit the threat scenario?
1 – What is the key threat scenario?
Here are some typical threat scenarios – the key threat scenario should keep a C-level executive awake at night.

| Threat Scenario | Sample Asset(s) | Threat(s) | Vulnerabilities | Countermeasures |
|---|---|---|---|---|
| Leakage or theft of PII (personally identifiable information) | Customer data and/or credit cards | Insiders, Resellers, Criminals, Hackers, Terrorists | Employees may be bribed or exploited, Weak passwords, Wi-Fi networks, Temporary files, Firewalls, Proxy bypass, Web services, FTP services, Operating systems | Network DLP, Database DLP, Encryption, Policies, Procedures, Software security assessments, Patching |
| Loss of IP on servers | Designs | Insiders, Competitors | Same | Network DLP |
| Loss of IP in the cloud | Designs | Insiders, Competitors, Vendor employee | Same + Unreliable cloud vendor | Network DLP at provider |
| Loss of IP on notebooks | Designs | Employees, Theft, Loss | Employees in airports | Agent DLP, Encryption |
| Loss of data from business partners | Customer data, IP | May steal the data | Partner systems, Web based links, Firewalls | Network DLP, Agent DRM or Agent DLP |

See http://www.software.co.il/wordpress/2010/02/is-there-a-business-need-for-dlp/
2 – What is your value at risk?
Once you have identified the key threat scenario, you must know how much value at risk is generated when a threat exploits vulnerabilities to cause damage to assets. The basis for measuring VaR (value at risk) is the asset value (generally determined by the CFO) –
VaR = asset value x threat probability x estimated damage to the asset (as a percentage of asset value)
The VaR is reduced by a set of security countermeasures that also have a cost. VaR is best calculated in a data security based risk assessment that uses DLP technology to measure frequencies of threat occurrence and a calculative threat model to derive VaR.
Most companies are not at a sufficient level of security maturity to do this exercise themselves – and will need an independent consultant with specific data security expertise and the ability to do analytical threat modeling.
Within a couple of weeks, you should be able to get a picture of your current data security events, know your data value at risk in Euro and build a prioritized program for cost-effective DLP countermeasures.
See http://www.software.co.il/wordpress/2010/01/building-a-business-case-for-dlp/
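An added example, not from the original post: the VaR formula above applied to two threat scenarios from the table, with countermeasures ranked by VaR reduction per Euro spent. All asset values, probabilities, damage percentages, costs and mitigation fractions are constructed, and modelling a countermeasure as removing a fixed fraction of a scenario's VaR is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Scenario:
    name: str
    asset_value: float         # Euro, generally determined by the CFO
    threat_probability: float  # 0..1 over the assessment period
    damage_pct: float          # estimated damage, % of asset value

    def var(self) -> float:
        # VaR = asset value x threat probability x estimated damage (%)
        return self.asset_value * self.threat_probability * self.damage_pct / 100.0

@dataclass
class Countermeasure:
    name: str
    cost: float  # Euro
    # Assumption: fraction of each scenario's VaR this countermeasure removes.
    mitigation: dict = field(default_factory=dict)

    def reduction(self, scenarios) -> float:
        return sum(s.var() * self.mitigation.get(s.name, 0.0) for s in scenarios)

def prioritize(scenarios, countermeasures):
    """Return (name, VaR reduction, reduction per Euro), best first.
    Countermeasures that cost more than the VaR they remove are dropped."""
    ranked = []
    for c in countermeasures:
        saved = c.reduction(scenarios)
        if saved > c.cost:
            ranked.append((c.name, saved, saved / c.cost))
    return sorted(ranked, key=lambda r: r[2], reverse=True)

# Constructed sample figures, not measurements.
SCENARIOS = [
    Scenario("PII leakage", 5_000_000, 0.10, 40),
    Scenario("IP on notebooks", 2_000_000, 0.05, 50),
]
COUNTERMEASURES = [
    Countermeasure("Network DLP", 60_000, {"PII leakage": 0.6}),
    Countermeasure("Database DLP", 90_000, {"PII leakage": 0.3}),
    Countermeasure("Agent DLP + encryption", 20_000,
                   {"PII leakage": 0.1, "IP on notebooks": 0.8}),
]

if __name__ == "__main__":
    for s in SCENARIOS:
        print(f"{s.name}: VaR = {s.var():,.0f} EUR")
    for name, saved, ratio in prioritize(SCENARIOS, COUNTERMEASURES):
        print(f"{name}: removes {saved:,.0f} EUR of VaR, {ratio:.1f}x its cost")
```

With these figures the Database DLP option drops out because it costs more than the VaR it removes, which is the kind of result a measured risk assessment is meant to surface before purchase.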
3 – Who owns the project?
Beware of organizational politics and silos and conflicting agendas. Need I say more?
4 – Does the DLP technology fit the threat scenario?
Just because the vendor sold you an anti-virus product doesn’t mean that his DLP technology is a good fit (even if it’s free).
Example A: A network DLP solution may be required with 1GB throughput; if the technology saturates at 200MB/S, then the solution is not a good fit.
Example B: An agent DLP solution may be required that is capable of identifying IP in AutoCAD files; if the content analysis software is incapable of decoding AutoCAD, then the countermeasure does not mitigate the vulnerability.
