DLP solutions: plugging the leaky data problem
- Posted on February 7, 2018
When it comes to cybersecurity issues that are covered in the media, the higher the number of people impacted through a data breach or ransomware, the bigger the headline.
But there are also ongoing, smaller security incidents that plague an organisation on a regular basis. These may not hit the headlines, but they certainly impact an organisation's bottom line. Whether it is important company Intellectual Property (IP), critical pricing information, Personally Identifiable Information (PII) or Protected Health Information (PHI), an organisation holds a significant amount of sensitive information which, when lost to a competitor or malicious actors, may lead to grave consequences. Consequences may include loss of reputation, loss of competitive bids, reversal or slowing down of market leadership, and penalties associated with regulatory and industry requirements.
Data loss happens at all organisations, whether innocently or maliciously. Insiders (such as employees) are the #1 way that organisations lose data. Examples include a dissatisfied employee trying to hurt the organisation, a busy employee typing the wrong email address, or an employee leaving an organisation and wanting to grab a copy of work products he worked on for his own archive or to benefit his newer employer. Data loss may occur through web forms (attaching documents to forms or pasting data into forms), email, cloud drives or USB drives. Often, these small data loss incidents aren't reported, and thus never hit the headlines.
Several Data Loss Prevention (DLP) solutions are available to prevent data loss. These may be very simple and machine-learning-based, or very complex, recommending additional hardware and restructuring of the whole architecture of the web-facing infrastructure. Each solution has its version of e-discovery, where a program trawls through the document store to find sensitive information, either through the sensitivity tagging of the documents or through machine learning. Some solutions may just block text or Microsoft Office files, while others may work only on email clients and not on browsers. Still other advanced solutions even block screenshots of data. Further, some solutions have full-blown DLP endpoint clients, and some work only on a network. Almost all DLP solutions have a blocking mode and a report mode.
DLP mechanisms work at data egress points, typically at mail transfer agents when emails are sent out, or at the proxy level for browsing data. Endpoint DLP works on USB transfers and reports on printing of sensitive data. The challenge of an optimally functioning DLP solution is that critical data needs to be correctly identified. If it is not identified correctly, then data is lost; if too much is identified, then organisations face too many false positives, leading to productivity loss. A finely tuned DLP solution rarely works out of the box.
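The identification trade-off and the two modes can be seen in a small content-inspection rule. This is an added example, not code from the original post or from any DLP product: payment card numbers are an assumed data type, the function names are hypothetical, and the two messages are constructed (the card value is a standard test number).

```python
import re

# Candidate pattern: 13-19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Constructed sample outbound messages.
MSG_ORDER = "Please chase order 1234567890123456 with the warehouse."
MSG_CARD = "Customer card 4111 1111 1111 1111, please refund."

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str, validate: bool = True) -> list[str]:
    """Pattern match alone over-identifies; validation trims false positives."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not validate or luhn_ok(digits):
            hits.append(digits)
    return hits

def inspect_outbound(text: str, mode: str = "report") -> dict:
    """Verdict for one message at an egress point; mode is 'report' or 'block'."""
    hits = find_card_numbers(text)
    if not hits:
        action = "allow"
    elif mode == "block":
        action = "block"        # stop the transfer
    else:
        action = "report"       # let it through, raise an incident
    # Mask matches so the DLP log does not itself store the sensitive data.
    masked = ["*" * (len(h) - 4) + h[-4:] for h in hits]
    return {"action": action, "matches": masked}

if __name__ == "__main__":
    print("pattern only:", find_card_numbers(MSG_ORDER, validate=False))
    print("with Luhn:   ", find_card_numbers(MSG_ORDER))
    for mode in ("report", "block"):
        print(mode, inspect_outbound(MSG_CARD, mode))
```

Running a new rule in report mode first shows how often it fires on legitimate traffic before it is allowed to block anything.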
DLP may also be important for compliance reasons such as the European Union’s General Data Protection Regulation (GDPR) and the Australian privacy law, entitled Notifiable Data Breaches (NDB), which recommends that private data breaches be prevented. DLP may be one of the critical tools that you can invest in to prevent malicious or accidental data loss.
Avanade can help you set up DLP solutions; please contact us for further information.