Does Linux need a data loss prevention solution?

Even if Linux is secure by design, the data residing on these machines is not secure and that’s exactly what one company is trying to protect.

CoSoSys, a firm that offers data loss prevention (DLP) and mobile device management (MDM) solutions, today announced a private beta release of Endpoint Protector DLP for Linux.

Yes, Linux is secure by design, but that doesn't mean there won't be software bugs (Linus Torvalds has said as much, noting that bugs are part of the software development process). And, yes, some critical security threats have surfaced in the last few years, such as GHOST, ShellShock, Heartbleed, and the Glibc vulnerability.

But CoSoSys is not about that security. It’s not about the security of the operating system itself. It’s about the data residing on these machines and protecting the data irrespective of the operating system.

Roman Foeckl, CEO, CoSoSys told me in an email that “the need to avoid sending confidential attachments or content to unauthorized destinations or recipients exists no matter the computer’s operating system. Endpoint Protector Data Loss Prevention stops users from uploading, sending, and copying/pasting confidential data from Linux workstations to the cloud, to online applications and to portable storage devices. The threat of people sending sensitive data outside the company is present more than ever with the increasing number of apps and devices that can store important amounts of data.”

CoSoSys says it is bringing its solution to market now because of a notable increase in Linux market share in 2015. When I asked about the basis of such a statement Foeckl pointed me to a Linux Foundation report and said that the “report reveals that Linux deployments increase at the expense of Windows, with a 14-point increase (65% to 79%) from 2011 to 2014, compared to a nine point decrease in Windows deployments (45% to 36%) for the same period. In the press release, we referred to the worldwide market share. StatCounter shows the market share for the top seven desktop operating systems from 2008 to 2016, and we can see that Linux has a 1.47% market share in January 2016, growing from 0.84% in January 2009.”

Building on that, Mike Woster, COO at The Linux Foundation said in a press statement that “Linux is becoming the de facto standard for security and IT infrastructures. This rate of adoption requires support in the form of technologies such as what CoSoSys is introducing today.”

Endpoint Protector already runs on enterprise-grade Linux distributions like Ubuntu, OpenSUSE, RedHat and CentOS and offers features like device control to block the use of specific portable storage devices and prevent data loss and data theft. Now CoSoSys is bringing a content-aware DLP module to Linux.

As Foeckl explains:

“We provide content-aware Data Loss Prevention and Device Control for Windows, Mac OS X and Linux (several distributions, like Ubuntu, OpenSUSE, CentOS, RedHat, but more planned based on our customer needs). Organizations implementing our solution benefit from protection of confidential data, like financial records, employees’ Personal Identifiable Information, marketing plans, customers databases, so basically the know-how, business data and employees’ data, against leakage, theft or loss.”

Foeckl said that their research revealed 6 out of 10 employees are not aware which files are confidential and which are not, making data vulnerable in their hands. So the need for such data protection doesn't necessarily stem from lack of trust in employees but is more about awareness (though there is always a possibility of disgruntled employees exacting revenge).

The CoSoSys Endpoint Protector DLP system is client-server software, in virtual appliance or hardware appliance formats. Client software is installed on each computer and scans data before it is uploaded or copied to online services and applications, or copied onto portable storage devices.

If the client finds confidential data, whether credit card numbers, e-mail addresses or social security numbers, or content matching regular expressions, keywords or certain types of data, it will either block the transfer and report the action, or just report the action to the server. Admins can then take appropriate action.
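
The content-aware check described above, sketched as an added example; it is not CoSoSys code. The patterns, keyword list, function names and sample payloads are all assumptions constructed here to show the scan-then-block-or-report flow.

```python
import re

# Assumed detectors for the data types the article lists; real products use
# far larger, tuned pattern sets.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
KEYWORDS = ("confidential", "internal only")  # hypothetical keyword policy


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> dict:
    """Count findings per category; counts only, so the report never copies the data."""
    cards = [re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text)]
    counts = {
        "credit_card": sum(luhn_ok(c) for c in cards),
        "ssn": len(SSN_RE.findall(text)),
        "email": len(EMAIL_RE.findall(text)),
        "keyword": sum(text.lower().count(k) for k in KEYWORDS),
    }
    return {name: n for name, n in counts.items() if n}


def enforce(text: str, destination: str, block: bool = True) -> dict:
    """The two outcomes the article describes: block and report, or report only."""
    findings = scan(text)
    if not findings:
        return {"action": "allow", "report": None}
    report = {"destination": destination, "findings": findings}
    return {"action": "block" if block else "allow", "report": report}


# Constructed sample payloads (the card number is a well-known test number).
LEAK = "Confidential: bill card 4111 1111 1111 1111 for jane@example.com, SSN 123-45-6789"
CLEAN = "Order 4111 1111 1111 1112 shipped, tracking 000-12-3456"

if __name__ == "__main__":
    for payload in (LEAK, CLEAN):
        print(enforce(payload, "webmail upload"))
```

The Luhn check and the SSN range exclusions are what keep order numbers and tracking codes from raising alerts; pattern matching alone would flag both digit runs in the clean payload.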

CoSoSys doesn’t directly work with the Linux community but they are inching towards it and recently joined the Linux Foundation as a member.

Those who are interested in the beta can request it on the Endpoint Protector Linux page.

Copyright © 2016 IDG Communications, Inc.
