A Guide to Data Loss Prevention For Beginners

Data Loss Prevention (DLP)- the term means a lot to any organization today; CISOs today see DLP as a high priority thing, as per a recent CISO survey conducted by Gartner.

Today, we live in a world where the number of internet-connected devices is booming, like never before. Thus, for any organization today, terms like data loss, data recovery, data leaks etc mean a lot and that’s why they tend to invest heavily in DLP.

What is Data Loss Prevention?

Any solution or process that’s used to identify, track and protect confidential data while it moves through and out of an enterprise network is what constitutes DLP (Data Loss Prevention). Data includes all kinds of data, which would reside on different devices within a network; these include computer systems, servers (physical and virtual), file servers, databases, POS devices, mobile devices, USB devices etc. The data would be moving through different networks as well, including wired or wireless networks, VPNs etc. Thus, based on the device or network involved, we use different DLP solutions,

DLP: Protecting different types of data

DLP, as an important aspect of enterprise security, seeks to protect all kinds of data- corporate data, customer data and intellectual property.

Corporate data, which pertains to different aspects of an organization’s infrastructure and functioning, would include financial documents, employee information, documents pertaining to strategic planning, research documents, documents relating to M&A etc. Protecting such data is of critical importance as any kind of leak or damage impacting such data could affect the organization greatly.

Customer data, which includes credit card numbers, personal data (name, address, date of birth, telephone number etc), social security numbers, financial details, medical records etc, is of utmost importance to any organization. If customer data is breached, that too could lead to great financial loss as well as loss of reputation to an organization. It could sometimes even lead to the closing down of a business.

Intellectual property, which too needs to be covered under DLP, includes source codes, process documentation records, product design-related documents, internal price lists etc.

The different kinds of DLP solutions

There are different kinds of Data Loss Prevention solutions, including network-based DLP solutions, Datacenter or storage-based solutions, endpoint-based solutions and content-aware solutions.

Network-based DLP solutions, as the term itself suggests focuses on data in motion. Installed at the “perimeter” of organizational networks, these solutions would monitor network traffic and detect any kind of data leaks or data loss. The focus would be on monitoring email traffic, Instant Messenger-based communication, SSL traffic, social media interactions, web 2.0 applications etc. At the same time, the DLP solutions would also be checking for any kinds of violations of the organization’s information disclosure policies.

Datacenter or storage-based DLP solutions seek to protect data that’s at rest within an organization’s datacentre. Such solutions would look at the confidential data that remain stored in different platforms (- file servers, databases, SharePoint etc) within an organization and see if it’s all stored securely.

Endpoint DLP solutions monitor endpoint systems and devices, including laptops, tablets etc connected to the network, POS devices, USB devices etc. Thus, all actions pertaining to endpoints, like for example copying some data to some USB device, transfer of data to CD/DVD, sending a mail via an endpoint-connected mobile device/laptop etc would be monitored for data loss or data leaks. Such endpoint DLP solutions, based on how they are configured, could either do passive monitoring or actively block some activities.

Coming to content-aware DLP solutions, these look into and prevent the accidental exposure of sensitive data outside authorized channels. Such solutions focus on implementing company policies based on content classification and use monitoring, blocking and remediation functionalities.

Things to keep in mind about DLP

• Have a concrete DLP strategy, know what all you require for ensuring proper implementation of the DLP strategy.
• Always focus on application security. The applications that you use protect your data and hence always see application security testing as vital to data security.
• In today’s scenario, there needs to be DLP-related policies and procedures for mobile devices as well.
• Have a full-fledged team to tackle DLP. If not, partner with security firms to work out and implement DLP strategies.
• Educate and train employees on everything pertaining to DLP.