The two distinct approaches to data loss prevention

Comparing data-at-rest to data-in-motion security procedures


Although many organizations are expanding security efforts, the number of identity theft incidents is still increasing. Every two seconds, someone becomes a victim of identity theft in America. Last year, identity theft tolls amounted to $100 billion.

The Federal Trade Commission reports identity thieves victimize 10 million Americans annually. Data Loss Prevention (DLP) has become a top priority for federal and state governments as well as industry regulators, whom have enacted laws with monetary fines, forcing organizations to improve protection of sensitive data.

Breached organizations suffer significant loss from a data leakage incident. According to a Ponemon Institute 2010 study, the total average cost of a data breach has reached $214 per record compromised. The average total cost per reporting company reached $7.2 million in 2010. Organizations now often pay for credit monitoring services for the impacted individuals. They will also suffer a damaged reputation because all security breaches must be publicly disclosed.

Two Common Approaches to Data Loss Prevention

Many organizations still don’t know how to tailor a data loss solution to fit their company’s needs. There are two approaches to information security to help alleviate the situation – “Data-at-Rest DLP” and “Data-in-Motion DLP”.

The Data-at-Rest (DAR) approach is growing in acceptance and is being adopted because of its ability to guard data at its source. This approach refers to data stored on computers, storage devices, or being used by the data owner. The Data-in-Motion DLP (DIM) solution refers to protecting data transmitted over a network. It is successful in preventing data from leaving the organization when individuals send information that is unprotected.

There is no instant cure or a single “silver bullet” for all types of threats. However, data loss can be prevented by understanding the most recurring breach type and enacting a solution to best treat the problem, as shown in the table below:

Threat --> common DLP process
Hacker (includes malware) --> Data-at-Rest
Digital Media (lost/stolen computers, backups, etc.) --> Data-at-Rest
Web Content --> Data-at-Rest, Data-in-Motion
Accidental Transmission (e-mail, etc.) --> Data-in-Motion
Physical Media (lost/stolen papers, etc.) --> Policy
Dishonest Insider --> Policy, Access Controls
Other/Unknown --> Access Controls

What’s Right for Your Organization?

Data-at-Rest solutions allow organizations to be proactive because the technology secures data at its source, preventing the majority of data loss problems. Advanced technologies allow core reporting on risk exposure, which can create an informative analysis showing the patterns over time. Knowingly or not, employees may have personal information stored in a variety of locations, including emails, databases, websites and desktop files. Organizations should periodically clean these systems to prevent data loss at the source.

Data-in-Motion solutions may stop the transmission or sending of information, but they don’t help the problem at the source. Additionally, employees may feel that this is intrusive or interferes with productivity, if the emails they try to send continually get blocked, for example.

Many enterprises are moving the responsibility for managing discovery and remediation efforts from the IT staff to the individual data owners. However, Data-in-Motion solutions usually require a centralized governing system that is run by an IT administrator. With Data-at-Rest solutions, administrators may have management, reporting and remediation capabilities from a centralized console, but are empowering employees not only to see the problem but also take action to fix it.

By transferring the processing power and remediation responsibilities to an entity’s data owner, the organization has the power to inform and educate its employees and positively influence their behavior. Some Data-at-Rest solutions provide users with options regarding how to handle private information once it is located, including the ability to digitally shred, encrypt, redact or quarantine it.

This content continues onto the next page...