Static Data Leak Prevention
Data leaks are a common risk to organizations, especially with regard to industrial espionage. In the past, companies addressed data leaks by implementing so-called content-aware Data Loss/Data Leak Prevention (DLP) software. Such software analyzes data moving through an IT landscape and reports unauthorized transfers of this data, i.e. transfers beyond the company’s network borders. The key purpose of this methodology is to prevent incidents where critical data (in the possession of employees) actually leaves the company without permission.
This paper points out weaknesses in existing DLP methodologies, which are primarily related to unreliable identification of critical business data.
It also introduces a fundamentally new and complementary DLP methodology: Static Data Leak Prevention. This methodology analyzes source code for practices that result in data leaks once the source code is compiled and executed. A key advantage is that critical business data can be precisely identified with this approach. That way, risks can be avoided before an application goes live, which is a highly effective approach: if critical data is protected against disclosure to unauthorized employees in the first place, it’s less likely that critical data can be leaked outside the company’s network borders.
About this White Paper
- Target Audience: Anyone with a technical background in SAP Security
- Language: English
- Author(s): Andreas Wiegenstein
- Format: PDF (1 MB)
- Version: 1.3 (August 2013)