Data loss prevention software, or DLP, has long been a hot topic among security professionals, but it’s always been a bit of a mercurial target: How do you lock down data while still making it accessible enough to be useful? The short answer: You can’t. Remove CD drives, install the right software, regularly audit your weaknesses and you can still be a victim.
But that doesn’t mean that WikiLeaks is the “canary in the coal mine” for DLP techniques. In fact, DLP is going to receive more attention and more thought than ever (we picked it as one of our top 5 trends for 2011), but the hard truth is that security is about mitigating risk, not eliminating it. It’s not a message your CEO wants to hear, but acknowledging that systems are imperfect and breachable is the first step towards recovery, as they say.
Even the National Security Agency has reportedly acknowledged the fact, and if the world’s spookiest spooks can’t stop breaches, how can your company? From Reuters:
The U.S. government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard.
“The most sophisticated adversaries are going to go unnoticed on our networks,” she said.
“There’s no such thing as ‘secure’ any more,” Debora Plunkett of the National Security Agency said on Thursday amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks.
So much for holiday cheer.