DLP is often thought of as a technology that simply stops all unauthorised information flows once it has been installed. In reality, DLP should be part of information life cycle management and focus on ensuring organisations can share the information it needs to, both internally and externally, in a correct, accountable and secure manner. Data loss is then also prevented as a beneficial by-product.

Even well funded and resourced organisations can find this challenging in practice, especially against a motivated

insider, such as in the case of Edward Snowden and the NSA, as although external barriers may be strong, internal ones are often weak. Without all-encompassing policies and procedures, no amount of technology can completely counteract inadvertent or deliberate exposure and exfiltration of information and data.

To enable robust inter-organisational collaboration, we need common policies for identity proofing and verification (IPV) of organisations, people and devices, issuance of credentials, authentication, authorisation so that interoperability can be obtained.

One leading initiative is the non-profit organisation British Business Federation Authority (BBFA) (federatedbusiness.org) that is working towards enabling such federated trust.

BBFA is working with both private and public sector organisations towards standards-based and interoperable IPV, strong authentication and authentication, federation and PKI bridge policies, procedures and mechanisms, as it

INFORMATION SECURITY

recognises that without these no technology can meet the real needs of customers and end users. BBFA is also involved in secure information sharing initiatives, such as the HMG Cyber Information Sharing Partnership (CISP) and Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA).

www.bcs.org/security

Gareth Niblett, Chairman of the BCS Information Security Specialist Group, says data loss prevention is about sharing information securely.

Information Security Specialist Group (ISSG):www.bcs-issg.org.uk

Information Risk Management and Assurance Specialist Group:www.bcs.org/groups/irma

BCS Security Community of Expertise (SCoE):www.bcs.org/securitycommunity

FURTHER INFORMATION

DATA LOSS PREVENTION

doi:1

0.10

93/i

tnow

/bw

u011

©20

14 T

he B

ritis

h Co

mpu

ter

Soci

ety

Imag

e: P

hoto

disc

/833

9771

1

24 ITNOW March 2014

ITinnovator

There’san

that doesn’t sell anything,make anything,

but protects everything.

Technology with a purpose

Nowhere on the planet does technology like we do.It’s a bold assertion. And one you’ll only ever truly be able to verify by joining us. But believe it when we XEPO�EFSYX�[SVPH�½VWXW��EWXSRMWLMRK�EGLMIZIQIRXW�ERH�QMRH�FPS[MRK��SRGI�MR�E�GEVIIV�STTSVXYRMXMIW��&IGEYWI�TVSXIGXMRK�XLI�REXMSR�MW�ER�IZIV�HIQERHMRK�GLEPPIRKI��That’s why we need Architects who are as excited by XIGLRSPSK]�EW�[I�EVI��MRUYMWMXMZI��MRXIPPMKIRX�TISTPI�[MXL�the courage to innovate and pioneer. We’re breaking RI[�KVSYRH�IZIV]�HE]��XEGOPMRK�TVSNIGXW�XLEX�QYWX�FI�delivered for the sake of national safety. Join us and you could too. Have you got what it takes to be an MI5 architect? Find out at www.mi5.gov.uk/careers

8S�ETTP]�XS�1-��]SY�QYWX�FI�E�FSVR�SV�REXYVEPMWIH�&VMXMWL�GMXM^IR��SZIV����]IEVW�SPH�ERH�RSVQEPP]�LEZI�PMZIH�MR�XLI�9/�JSV�RMRI�SJ�XLI�PEWX�XIR�]IEVW��=SY�WLSYPH�RSX�HMWGYWW�]SYV�ETTPMGEXMSR��SXLIV�XLER�[MXL�]SYV�TEVXRIV�SV�E�GPSWI�JEQMP]�QIQFIV��TVSZMHMRK�XLEX�XLI]�EVI�&VMXMWL��8LI]�WLSYPH�EPWS�FI�QEHI�E[EVI�SJ�XLI�MQTSVXERGI�SJ�HMWGVIXMSR�

Enterprise Architects Solutions Architects Technical Architects