Educational Credit Management Corporation reports that the personal information of 3.3 million federal student loan borrowers has been stolen, including names, addresses, birth dates and Social Security numbers. A portable medium containing the students' personal data was stolen on 20 March 2010.
Campus networks are at greater risk of breaches because they must be open, carry a lot of data, and have many access points (mobile devices, computer ports, personal e-mail and instant messaging). All campuses should be vigilant about their data breach prevention policies, personnel and solutions.
One way to mitigate the risk of data loss through portable media, as in the case above, is to implement Data Leakage Prevention (DLP) tools, which can prevent sensitive data from being transferred to portable devices or to external locations through the network.
Data Leakage Prevention (DLP) tools are systems that identify, monitor, and protect data in use (e.g. endpoint actions), data in motion (e.g. network actions), and data at rest (e.g. data storage) through deep content inspection and with a centralised management framework. These systems are designed to detect and prevent the unauthorised use and transmission of confidential information. Currently, there are three main types of DLP design:
- Network DLP - Network DLP tools crawl through the network and fingerprint sensitive files and records. They detect when a particular important file or dataset is being transferred through the network. However, network DLP technologies cannot monitor data that is managed locally at an endpoint, such as personal e-mail and mobile devices. It is difficult to thwart insider threats if the endpoints are not guarded.
- Endpoint DLP - These are agents or client software that reside at endpoints, such as mobile devices, computer ports, personal e-mail and instant messaging. They can detect when an important file is being transferred out from the endpoint. They log and block actions that violate security policies, and send notifications about them.
- Embedded DLP - Embedded DLP tools are customised tools embedded within an individual application system, such as an e-mail system or Adobe Reader, to protect specific information, e.g. by restricting the copying and printing of documents.
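
The content inspection and fingerprinting described above, applied to a file leaving an endpoint, as an added Python example that is not from the original article or from any DLP product. The function names, the destination labels and the allow/log/block policy are assumptions, and all sample records are constructed.

```python
import hashlib
import re

# Candidate SSNs: 3-2-4 digits, optionally separated by '-' or ' '.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def valid_ssn(area, group, serial):
    """Drop number shapes the SSA never issues, to cut false positives."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def fingerprint(record):
    """Hash of a whitespace/case-normalised record, so the DLP index
    stores digests rather than the sensitive records themselves."""
    norm = " ".join(record.lower().split())
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

def inspect(text, known_fingerprints):
    """Return (ssn_hits, fingerprint_hits) for one outbound document."""
    ssns = {m.group(0) for m in SSN_RE.finditer(text) if valid_ssn(*m.groups())}
    fp_hits = sum(1 for line in text.splitlines()
                  if line.strip() and fingerprint(line) in known_fingerprints)
    return len(ssns), fp_hits

def decide(text, destination, known_fingerprints, block_threshold=1):
    """Assumed policy: block sensitive content bound for removable media
    or external hosts; log it when it stays on internal storage."""
    ssn_hits, fp_hits = inspect(text, known_fingerprints)
    total = ssn_hits + fp_hits
    if total == 0:
        return "allow"
    if destination in ("removable", "external") and total >= block_threshold:
        return "block"
    return "log"

# Constructed sample data (not real borrowers).
PROTECTED = {fingerprint("Jane Example, 1985-02-14, 12 Sample St")}
EXPORT = "name,dob,ssn\nJane Example,1985-02-14,123-45-6789\n"
NOTES = "Order 000-12-3456 shipped; call 555 0100.\n"
REFORMATTED = "jane   example, 1985-02-14, 12 SAMPLE st\n"

if __name__ == "__main__":
    for doc, dest in [(EXPORT, "removable"), (NOTES, "removable"),
                      (REFORMATTED, "external"), (EXPORT, "internal")]:
        print(dest, inspect(doc, PROTECTED), decide(doc, dest, PROTECTED))
```

The reformatted record is caught by its fingerprint even though it contains no SSN, while the order number in the notes is ignored because its area digits are never issued.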