In the first session of Mark’s new blog series, we’ll be covering who Mark is, where he came from, and what to expect from this series.
“DLP” (Data Loss Prevention, also referred to as Data Leak Prevention), is a term referring to the use of technology to protect confidential data from being shared with unauthorized parties. DLP systems monitor data in use, at rest, and in motion, seeking to prevent data breaches in real time. DLP technology relies on algorithms that determine which data transfers to block.
Why is DLP important? The value of information cannot be understated, and the risks associated with the exposure of sensitive data gives rise to the need for improvement in DLP practices. Due to growing concerns regarding issues such as: corporate espionage; cybersecurity data breaches; and changes in data privacy obligations, DLP technologies are a required business component for corporations and law firms. DLP protocols ensure that the flow of information within and outside of a corporate enterprise, or a law firm, follows an established path.
An element of DLP workflows requires interactions with other systems, such as a DMS (Document Management System), and/or a CMS (Content Management System). DLP protection relies on some other intelligence about the data in order to determine permissible transfers of information. DMS protocols established to determine where the files reside are often used to share information with the DLP technology, however, this does not generally address the specific content within each file. CMS technology can be used to identify content within files that require the DLP to block the transfer of that information. Determining “What” the file’s contents are is the first step in crafting a plan to protect such material. Files might require varying levels of security based on its content. Transfer of certain information might never be permissible outside the corporation by the DLP, while other transfers might be permissible but only under some limited set of circumstances.
Many corporations and law firms rely on their users to create and assign “tags” to newly created files. The level of sensitivity of a information may rely upon user classification to help determine the level of sensitivity of the individual file, or portions thereof. However, manual user generated classification is often inaccurate, and not an efficient process since it reduces employees productivity. Using technology to auto-classify documents help improve the DLP technology’s performance. Auto-classification is programmable to identify certain terms or phrases within a document that would trigger the DLP protections.
One of the shortcomings of DLP protocols is that there are a high number of “false-positive” incidents. These false-positive occurrences require I.T. involvement, and also delay transmission of information which can frustrate employees, thereby reducing productivity. By having files classified properly in a DMS, and using proper auto-classification technology to organize information, the frequency of false-positives that trigger the DLP protections is substantially reduced.
DLP systems are only effective if they have accurate knowledge about the data it’s trying to protect. Through the use of effective information governance and file classification practices, the performance of a DLP system can be dramatically improved. In addition, technology can be customized to add further enhancement to DLP practices. Certain files might be permissible for transfer if specific material is redacted. Technology can be employed to locate and auto-redact sensitive content. Through the use of automated redaction, DLP systems will permit transfers of data, while still preventing unauthorized sharing of specific sensitive information. Auto-redaction technology can reduce the burden that DLP systems impose on I.T. personnel by reducing false-positives, and also increase business productivity by allowing transfers of content that employees are authorized to share.
Valora’s unique proprietary technology, “PowerHouse”, serves to fill many of the needs that DLP systems require to function effectively. PowerHouse identifies the content of the data, and provides intelligence about each individual file or point of data. Valora’s technology is a “Rules-Based” system that can be custom configured to program the specific types of information that a corporation or law firm deems to require DLP protection. The Rules within PowerHouse include algorithms and elements of pattern matching recognition, and are used to auto-classify information, assigning categorization tags to files. The information classified by PowerHouse can be integrated into any DMS, and can also work in conjunction with other CMS software.
Valora’s PowerHouse not only works at the file level, but also at the content level within each document. Hence, the DLP can rely upon the auto-classification provided by PowerHouse to determine what information requires extra levels of protection. Using PowerHouse increases the efficiency of not only the DLP, but also enhances the performance of any DMS. In addition, PowerHouse increases business productivity by increasing the efficiency of data transfers. PowerHouse reduces the amount of false-positive incidents attributable to the DLP. In addition, Valora’s technology not only seamlessly enables the user to determine “What” the information in their possession is, but also helps enforce “How” that content needs to be handled by the DLP.
Moreover, PowerHouse enables the DLP to determine which individual users might have access to view transferred data, by enforcing established security permission levels. Hence, a DLP might permit internal transfer of information between certain individuals, but restrict others from having access to files, or specific portions of any document.
Since most DLP technology does not have the ability to determine what the contents of a file are, relying on PowerHouse to serve this function is an effective automated solution. In addition, PowerHouse is able to classify both structured and unstructured data. The classification provided by PowerHouse remains with each point of data, while it is at rest, in use or in motion.
Should you wish to learn more about Valora Technologies, and our proprietary solutions such as PowerHouse, please feel free to register at Valora’s website for our free resource information.
Guest Blogger: Joe Bartolo, J.D.
Everywhere you look right now, Information Governance, “IG,” has taken center stage. I have had the pleasure of speaking twice in a week on the topic – once to records managers at ARMA’s Northeast Regional Conference and once to litigators at McDermott’s Technology in the Law Symposium. Why is IG so hot and why is it overtaking the discussion on eDiscovery?
IG is hot, hot, hot
IG is the Next Big Thing because it is a catch-all concept that covers a lot of currently important ground: compliance, data ethics and breaches, data management and intelligence, workflow, visualization and analytics. All of these elements play a key part in IG, and always have. So, why is it hot now? The biggest factor is the Target data breach of over 70 million customers’ personal data. The scope of the breach (nearly 25% of all American citizens were affected) and the wall-to-wall media coverage has helped propel responsible data management into the forefront of society’s concerns. In fact, a Pew Research study in January found that over 50% of Americans are “worried about the amount of personal information available about them…” The IG train of responsible data management has left the proverbial station and is speeding its way through the legal system, through Wall St., and through consumers’ concerns and buying behavior. Nothing speaks louder than consumers and their wallets. For Target, “Satisfaction with the overall shopping experience was down almost 2 percentage points in March, with declines “most acute” among middle-and-upper-income shoppers” as late as April, 2014 -four months after the breach was announced.
Why is the IG discussion eclipsing the eDiscovery discussion?
For starters, eDiscovery is old news. The earliest uses of the phrase stem from 2004, nearly a decade ago, and well before the FRCP changes in late 2006. Today most litigants, and certainly their outside counsel & advisors are very familiar with its concepts. In fact, most service providers in legal, lit support or eDiscovery already have a wealth of tools and solutions to choose from. Need Early Case Assessment? ESI Processing? Predictive Coding for Doc Review? There are a plethora of solutions, all heavily vying for your attention. The truth is, it’s just not that complicated anymore and the solutions have decreased so much in cost that almost all solutions are accessible to almost all matters. In short, eDiscovery has become as exciting as word processing or scanning.
But the eDiscovery blahs are only half the reason for the decline in discussion. The other half is that intelligent IG encompasses eDiscovery. eDiscovery is subsumed by smart DDC (data, document & content) management, right along with litigation holds, retention policies, workflow routing, exception handling, data breach response and investigations. Today, eDiscovery is but one of any number of critical activities undergone by major corporations all the time. It’s just not the fire drill it used to be, and those implementing IG will see to eDiscovery’s needs along the way.
So, where does that leave us?
Unfortunately, this leaves us woefully and inadequately prepared to handle IG. The passel of eDiscovery tools do little to solve problems that are much larger than typical litigation matters every imagined. The the records management side of the house is of little help with their diminished budgets, and dearth of tools available for large-scale data mining and management. Thus there is promising opportunity for IG-oriented solutions that take the best of both worlds, with an eye towards intelligent DDC management from the outset. Stay tuned, blog readers, and see where Valora heads next…