Saturday, July 2, 2011

Forget DLP, think PLD - the Professional Loser of Data

DLP is the technology of choice when it comes to data protection. However in the past few months we are seeing a plethora of incidents which show the presence of antibodies in the system. 

Antibodies or bacteria in an environment protected by DLP are PLD's. A PLD is a Professional Loser of Data and I am not surprised that most of the PLDs are in Government. Or in high places. 

Take for instance the Adarsh scam - no sooner they started talking of big names that files started disappearing. The files in the Navy, Mantralaya, Mumbai Municipal Corp and the Environment Ministry have all been lost. 

Then we had the CWG scam and saw more PLD action. At first the government supported Mr K by allowing him to continue being tje boss and let loose his PLDs. Well these PLDs did a good job and we read abouyt missing files :)

Radia tapes and  Wikileaks are great examples of big time PLDs at work. 

The latest PLD operation, shockingly, or should I say expectedly, was the enabling the loss of files relating to the Gujarat riots by the Gujarat government. The PLDs did this four years back and it has come to light in an RTI application. And the Gujarat riots are still under investigation ! This just shows the professional capability of the people in power, the PLDs, who were likely to be screwed. The government cites data retention timeframe as the reason why the documents were destroyed saying all actions were taken strictly by the book. 

Now, as I write about this, I wonder why the CBI did not discover the loss of documents when they were arresting Minister Shah. Or maybe one should not be surprised considering the recent incidents where they have thrown cases. 

So, as information security professionals, when we go to plug data leaks and consider insider risks we usually think about disgruntled employee or accidents. It is time to think about the bacteria, the antibody - the PLD. And remember no DLP system will be able to detect or control this guy's action.

No comments: