Enterprise DLP Strategy – Breaking Trust is a Dangerous Option

B. Ostergaard

Summary Bullets:

  • Misusing certificates for data leakage prevention (DLP) purposes is not a good idea
  • Deploying big data analytics to weed out deviant data and traffic behavior is much less intrusive

I have been talking to several MSSPs in connection with their rollouts of DLP services. A pressing issue for them is to explain to customers how effective their DLP services actually are. Two weeks ago, Trustwave, an SSL certificate authority, confessed to selling a subordinate root certificate that allowed a customer to monitor employees’ Web communications – even if the staffers relied on HTTPS. Trustwave explains that the man-in-the-middle gear was designed as tamper-proof and limited to its unnamed client’s compound. I would suspect that other certificate authorities have issued similar certificates to enterprise customers for DLP purposes. Despite these precautions, Trustwave revoked the offending certificate, admitting that the whole approach was ill-conceived.