Data loss is one of the biggest concerns for most organisations. Therefore, many IT Managers and Network Administrators are seeking to learn more about data loss prevention strategies and general software solutions currently available for business users.
Data breaches are one of the main fears for most businesses that operate in a technology-oriented environment. Recently, several organisations have been cited in the news following a data breach despite the increased use of intrusion detection systems, firewalls and other types of security applications.
Although Data Loss Prevention solutions do not provide a total cure for data breaches, it is a wise move to make a DLP strategy part of your arsenal to reduce the risks. The availability of Data Loss Prevention solutions has increased significantly over the last decade with many improvements and advancements for protecting organisations from data loss.
The current solutions can provide your organisation with greater data visibility and tracking within your content network. Data Loss Prevention (DLP) is often referred to by different terms, which can cause confusion over the exact tools that should be used and the type of environment they suit best.
This report will provide you with a general understanding of data loss prevention, the different terms used to define it, how DLP solutions work, and how you can find an appropriate solution for your organisation.
Data Loss Prevention is the deployment of network security solutions capable of monitoring and protecting data in motion, data at rest, and data in use through centrally established policies. The solutions add an additional layer of protection against data breaches by using continual deep content analysis methods.
The key characteristics of Data Loss Prevention are centralised policy management, comprehensive content protection across multiple locations, and deep content analysis and identification.
It is also important to mention that Data Loss Prevention is commonly referred to by different terminology. This includes but is not limited to:
Although the terms vary, they all refer to what we are discussing in this report – Data Loss Prevention.
Quality Data Loss Prevention helps your organisation with improved insight as to how specific content is being used. It also provides you with better protection of sensitive information, the ability to control data access and effectively manage data classification. Many Data Loss Prevention solutions vary in protection functionality which is why it is important to understand your requirements before deploying a DLP product.
Many organisations face a never-ending challenge of regulations that require them to provide protection for customer data, corporate data, intellectual property, and more. In many instances this also entails compliance requirements for data encryption, PCI, secure handling and storage, and rapid recovery following a disaster.
A data breach can potentially cost your organisation hundreds of thousands of dollars in fines if these requirements are not met. For the reasons stated here, simply deploying a firewall and other applications at the network perimeter is not enough to deter unwanted intrusions. Additionally, cybercriminals are very tech savvy and can exploit your business network for some time before a breach is discovered.
A DLP solution provides better protection against advanced attacks and persistent threats and ensures that data is handled securely at all times. This is especially important if your employees are using mobile devices or you have a Bring Your Own Device (BYOD) policy. It also helps your organisation to meet compliance and audit requirements without a huge capital outlay.
It is a well-known fact that many Data Loss Prevention product providers offer different levels of protection to meet the needs of different types of organisations. DLP solutions can range from a one-size-fits-all type of approach (not recommended) to a comprehensive solution that can be customised to meet individual requirements across many industries.
Although there is an endless variety of solutions available, there are three common areas that DLP solutions should protect: data in motion, data at rest, and data in use.
Data in Motion: Data in motion refers to all data being transmitted over the network. This includes email messages, network communications, web posts, instant messaging, etc. The protocols being used include SMTP, IM, FTP, HTTP, and more. For this aspect of data protection, the DLP solution monitors data transmission and inspects it to identify any policy breaches.
Data at Rest: Data at rest refers to data being stored on servers, repositories, databases, and other locations. A DLP solution deploys tools that scan and monitor sensitive data, detect breaches, and identify data in other locations that may be unstructured. There are applications that also monitor data stored in file sharing programs as well as desktop, laptop, and tablet devices.
Data in Use: Data in use refers to data that is being used and transferred to external storage devices such as a USB flash drive, the cloud, portable hard drive, CD-ROM, or other type of storage device. The tools and applications in a DLP solution help to provide data loss prevention by auditing and monitoring classified information used by authorised end users. This includes the printing of classified documents.
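The data-in-motion inspection described above, as an added example that is not taken from any DLP product: it parses an outbound email, finds candidate payment card numbers, validates them with the Luhn checksum to reduce false positives, and blocks the message only when it is addressed outside the organisation. The sample message, the domain names and the block/allow policy are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample message (not real data); 4111... is a well-known test number.
SAMPLE = """\
From: alice@example.org
To: bob@example.org, vendor@partner.example
Subject: payment details

Card 4111 1111 1111 1111 for order 1234567890123456.
"""

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return Luhn-valid matches, masked so the incident log holds no full number."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def inspect_message(raw: str, internal_domain: str) -> dict:
    """Hypothetical policy: block card data sent to any external recipient."""
    msg = message_from_string(raw)
    recipients = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    external = [r for r in recipients
                if not r.lower().endswith("@" + internal_domain)]
    body = msg.get_payload()    # single-part text only; multipart is out of scope
    hits = find_card_numbers(body if isinstance(body, str) else "")
    action = "block" if hits and external else "allow"
    return {"action": action, "external": external, "matches": hits}

if __name__ == "__main__":
    print(inspect_message(SAMPLE, "example.org"))
```

The 16-digit order number in the sample fails the checksum, so only the card number is reported.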
Although common network security technologies such as firewalls, intrusion detection systems, and other security technologies are a necessary part of data breach protection, Data Loss Prevention solutions are specifically designed to secure data and content. Instead of monitoring for malware, zero day attacks, and other security breaches, the main purpose of DLP is to prevent data loss and data breaches propagated by cybercriminals.
In addition to monitoring critical data, the solution is also designed to identify issues with data processes that take place during regular business operations. This includes processes being performed on desktops, laptops, tablets, and other devices.
DLP solutions are also used in conjunction with continual user awareness training. Although most companies invest in this type of training, most data breaches occur as the result of errors on the part of the end user despite the fact there are established policies and procedures.
A DLP solution can be used to monitor processes to determine how well training, policies and procedures are working. This allows organisations to exercise preventative control to reduce the chances of data breaches that result from failure to follow policies and procedures.
Many organisations feel overwhelmed when it comes to determining the best practices for deploying a DLP strategy. The good news is it does not have to be as complex as it seems provided you take a step by step approach. This will help you to get a handle on organisational requirements without getting lost in complexities.
Detailed planning cannot be overemphasised. As an organisation, you cannot provide protection for what you don’t know. Data within your organisation is constantly being modified, copied, moved to different locations, and more. The result is data sprawl and lack of knowledge in terms of compliance and access for the data that you must protect.
A qualified DLP vendor can help you work out the complexities of DLP deployment. However, it is important to deploy detection and test agents that can collect, track, and report data processes over your entire network. This can also help you to choose a DLP solution that is compatible with your needs and requirements.
As you monitor data, it is likely that one or more violations will be detected. This may or may not require immediate intervention. To determine an incident handling process, you must set the criteria for when an incident should be escalated to intervention. You should designate someone who has access to the incident information during the investigation so a cause can be determined.
A violation requiring intervention should also be backed by a workflow process that includes delegated responsibilities. At this point, it can be determined whether management needs to get involved.
In many cases, your data may be distributed across an abundant number of servers. Sensitive data may be combined in files with unstructured data. Running an identification scan can prove to be time consuming and can potentially result in multiple false positives that waste time.
In the above scenario, it is better to determine which networks are connected to different users and then identify what the access permissions are. You should also run an inventory scan to help you categorise and classify files. This step is accomplished rather quickly since the files are being classified based on metadata as opposed to the entire file.
If your organisation has been up to speed with compliance, you may be in good shape. Otherwise, you may face some of the processes described above, especially if you have been through multiple mergers. However, you will find that the effort was well worth it in the long run since you will be up and running with a clean directory server.
You have probably established priorities for data loss prevention during the planning phase of a DLP strategy. However, you must learn how to achieve these goals using a Data Loss Prevention solution. Your priorities most likely include protecting intellectual property, customer data, PCI compliance requirements and more. Once you know how to address each priority using a DLP solution, you can then customise DLP policies to fit the working environment.
Your IT professional(s) should map out the key parts of the organisation infrastructure. This includes network components, storage, and endpoints. A network map will help you to determine where you will need to deploy specific DLP solution components.
It is not necessary to include every little component in the map. Instead, you should focus on the parts of your network that apply to the Data Loss Prevention priorities you have established.
Although you may have already tested the DLP solution, it is important to test again in accordance with the priorities you established earlier. This involves testing components of the directory server in addition to different scenarios to determine workflow efficiency.
Depending upon the solution you have chosen, you may need to test the DLP solution to make certain it is using the correct protocols and ports to effectively handle network traffic, in addition to testing its performance on the storage networks. Each DLP solution is different and, if you have customised it, there will be other types of priority testing you may be required to administer.
It is important to be aware that DLP products can simply offer an array of features or they can provide comprehensive coverage as a solution. For example, email security applications may provide basic Data Loss Prevention functions but they are incapable of performing as a complete security solution.
If a DLP solution offers just the basic features, there is a chance it is not capable of dedicating itself to protecting data and content. It may contain specific detection functions; however, it isn’t dedicated to complete data protection. This is important to understand since specific issues and responsibilities may not be managed by the same department or administrator.
For example, a business may designate an administrator to be responsible for security functions. However, they may see the securing of policies and procedures as managed by someone outside of the security unit. If you choose a DLP solution that is dedicated to a specific function, it can be isolated from other security functions without compromise.
If the DLP solution has comprehensive coverage, it will provide you with the ability to create policies, access centralised management tools, enforce workflow processes, and apply dedicated data and content monitoring which is separate from other security functions. The user interface provides functions that provide an efficient way to solve business issues and technical problems associated with data protection.
Whatever DLP solution you determine is right for your organisation, it should be a solution that is easy to deploy and manage. A quality DLP solution will ensure protection of sensitive data using network and endpoint components that have been closely integrated. A single user interface that can manage incidents, set policies, automate workflow processes and other administrative tasks will save your organisation time and money.
The risks that organisations face in terms of data security are many as the number of breaches continues to increase. Implementing a solid Data Loss Prevention strategy is essential in today’s business environment. Understanding Data Loss Prevention (DLP) and how it applies to your company data and access permissions is an important step toward reducing the chances of data breaches and loss. Classifying data and deploying monitoring technology is a ‘must have’ for any organisation that wants to ensure they are ‘in the know’ when it comes to data transmission and location.
Complex IT is a professional IT solutions organisation that provides Network Security strategy consultancy – assisting businesses with the planning, deployment and ongoing support of the latest Data Loss Prevention Solutions.