Why is DCAP not DLP? And is it good or bad?
Now more and more people are talking about DCAP as a DLP element. Some manufacturers of DLP systems present DCAP modules of their own or third-party development, with greater or lesser integration depth into their products. The creators of independent DCAP solutions, on the contrary, abstract themselves from DLP and claim that these are disjoint products with completely different functionality. To what extent DCAP is part of DLP, we will try to figure out in this article.
What is a DLP system for?
The task of DLP is to prevent information leaks. In fact, this is an active response to user actions, which in the most simplified sense are the transfer of confidential information beyond the controlled perimeter of the organization: for example, sending by e-mail or recording to an external medium.
DLP analytical mechanisms are also used to identify employees who carry potential risks for the organization: people who for some reason are planning to change jobs, looking for parallel sources of income, addicted to drugs, religious cults, and other destructive activities, and just idlers. The demand for this functionality has even led to the appearance of separate modules as part of DLP systems: working time monitoring, behavioral analysis and personnel profiling.
In addition, the scanners included in the DLP (the so-called crawlers) allow you to successfully categorize information stored on both user ARM and petabyte storage systems, to identify the facts of storing confidential information in the wrong places for this. And some even know how to transfer such identified information to special secure repositories. Nevertheless, the main task of the DLP system remains the function encrypted in its abbreviation.
What is DCAP for?
The purpose of the DCAP system is different: categorization of the organization’s information arrays – file storages, audit of access rights to files, as well as registration of user requests to them. That is, DCAP does not prevent anything, but it identifies potential threats of leaks in a way other than DLP: by determining excessive access rights to information, registering abnormal user activity when accessing it, and also detecting violations of the rules for storing confidential information.