Gareth Niblett, Chairman of the BCS Information Security Specialist Group, says data loss prevention is about sharing information securely.

1. DLP is often thought of as a technology
that simply stops all unauthorised
information flows once it has been
installed. In reality, DLP should be part of
information life cycle management and
focus on ensuring organisations can share
the information it needs to, both internally
and externally, in a correct, accountable
and secure manner. Data loss is then also
prevented as a beneficial by-product.
Even well funded and resourced
organisations can find this challenging in
practice, especially against a motivated
insider, such as in the case of Edward
Snowden and the NSA, as although external
barriers may be strong, internal ones are
often weak. Without all-encompassing
policies and procedures, no amount of
technology can completely counteract
inadvertent or deliberate exposure and
exfiltration of information and data.
To enable robust inter-organisational
collaboration, we need common policies
for identity proofing and verification (IPV) of
organisations, people and devices, issuance
of credentials, authentication, authorisation
so that interoperability can be obtained.
One leading initiative is the non-profit
organisation British Business Federation
Authority (BBFA) (federatedbusiness.org)
that is working towards enabling such
federated trust.
BBFA is working with both private
and public sector organisations towards
standards-based and interoperable IPV,
strong authentication and authentication,
federation and PKI bridge policies,
procedures and mechanisms, as it
INFORMATION SECURITY
recognises that without these no technology
can meet the real needs of customers and
end users. BBFA is also involved in secure
information sharing initiatives, such as the
HMG Cyber Information Sharing Partnership
(CISP) and Multinational Alliance for
Collaborative Cyber Situational Awareness
(MACCSA).
www.bcs.org/security
Gareth Niblett,Chairman of the BCS Information Security Specialist Group,
says data loss prevention is about sharing information securely.
Information Security Specialist
Group (ISSG):
www.bcs-issg.org.uk
Information Risk Management and
Assurance Specialist Group:
www.bcs.org/groups/irma
BCS Security Community of
Expertise (SCoE):
www.bcs.org/securitycommunity
FURTHER INFORMATION
DATA LOSS
PREVENTION
doi:10.1093/itnow/bwu011©2014TheBritishComputerSocietyImage:Photodisc/83397711
24 ITNOW March 2014
IT
innovator
There’s
an
that doesn’t sell anything,
make anything,
but protects everything.
Technology with a purpose
Nowhere on the planet does technology like we do.
It’s a bold assertion.And one you’ll only ever truly
be able to verify by joining us. But believe it when we
That’s why we need Architects who are as excited by
the courage to innovate and pioneer.We’re breaking
delivered for the sake of national safety. Join us and
you could too. Have you got what it takes to be an MI5
architect? Find out at www.mi5.gov.uk/careers
Enterprise Architects
Solutions Architects
Technical Architects