This blog was co-authored by Matt Hellhake and Steve Silvestri.
In today’s data-dominant culture, information is among a company’s most significant assets. So it’s critical to ensure all this data (employee, finance, customer, etc.) is simultaneously protected and available when needed.
What is Data Loss Prevention?
Data loss prevention (DLP) is a proactive strategy to ensure sensitive data is not lost, misused, or accessed by unauthorized users. DLP software classifies and protects confidential and critical information to prevent end-users from maliciously (or accidentally) sharing sensitive data that could put the organization at risk or damage its reputation. DLP software and tools monitor and control endpoint activities, filter corporate data streams, and protect data in transit.
Controlling where data is available
Data can be stored on networks, in applications, or physically (on USB drives, printers, and other removable media). DLP monitors and protects data at rest, in transit, and in use. Data at rest is stored data: databases, mail servers, file servers, or backup drives. DLP tools discover and classify this data and, usually together with the database or storage platform, can enforce field-level, table-level, or whole-database encryption. Data in transit is data moving across a network to an endpoint destination; here DLP inspects the stream and relies on an encrypted transport protocol such as TLS to protect what it allows through. Lastly, data in use is data a user is actively interacting with, such as passwords or social security numbers shown on screen. Masking this data with asterisks or dots limits what an onlooker can see, but masking is not encryption: the underlying value is still present in the application and must be protected by the endpoint agent and by access controls. A decent DLP solution monitors and protects data across all three states.
How do DLP solutions work?
DLP solutions monitor and act on data at rest, in transit, and in use in accordance with custom and established policies. These policies control and secure sensitive information both on and off the corporate network. Policies and rules detect data using content classifiers: patterns and phrases (typically regular expressions and keyword lists), file properties, file fingerprints, database fingerprints (exact matching of known records), or machine learning models. During an initial testing and development period, the DLP architect constructs policies and measures the effectiveness of the classifiers and the precision of the data they extract, tuning them to cut false positives before enforcement is switched on.
What can policies and rules do with data?
Depending on the policies and rules in place, DLP software can also act on the data it detects. Most important, though, is working with the business to understand which activities are legitimate business processes and which are threats (internal or external). After that, the agent deployed on endpoints can permit, block, confirm, or force encryption of the data, depending on the incident channel (email, web, removable media, and so on). Confirming an incident shows the user a pop-up describing the violation and requires a justification before they can continue. Those justifications help the DLP architect and engineer refine the policies so they stop slowing legitimate business activity.
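As an added example (not code from the original post or from any DLP product), the following Python block implements two of the classifier types described above, regex patterns with validity checks and keyed-hash database fingerprints, and then applies the permit/confirm/encrypt/block actions per channel, picking the most restrictive rule that matches. The rule set, the fingerprint key, the customer IDs and the sample messages are all constructed for this example.

```python
"""Minimal DLP content classifier and policy engine (added example, not the post's code).

Two classifier types: pattern matching with a validity check to cut false positives,
and fingerprinting of known database values. Four actions chosen by channel:
permit, confirm, encrypt, block. All rules, keys and sample data are constructed.
"""
import hashlib
import hmac
import re
from collections import Counter
from dataclasses import dataclass

# --- Pattern classifiers ---------------------------------------------------------
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13-19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues: area 000, 666 or 900-999, group 00, serial 0000."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_patterns(text: str) -> list:
    """Return (classifier, matched_text) pairs for SSNs and card numbers that validate."""
    hits = []
    for m in SSN_RE.finditer(text):
        if is_valid_ssn(*m.groups()):
            hits.append(("ssn", m.group(0)))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group(0))):
            hits.append(("credit_card", m.group(0)))
    return hits


# --- Fingerprint classifier (exact data match without exporting the raw values) ---
FINGERPRINT_KEY = b"constructed-example-key"  # a real index uses its own secret key


def fingerprint(value: str) -> str:
    """Keyed hash of the normalised value; the index holds hashes, not the records."""
    norm = re.sub(r"[^A-Za-z0-9]", "", value).lower()
    return hmac.new(FINGERPRINT_KEY, norm.encode(), hashlib.sha256).hexdigest()


def build_fingerprint_index(values) -> set:
    return {fingerprint(v) for v in values}


def find_fingerprints(text: str, index: set) -> list:
    tokens = re.findall(r"[A-Za-z0-9-]{6,}", text)
    return [("database_fingerprint", t) for t in tokens if fingerprint(t) in index]


# --- Policy: which classifier on which channel triggers which action --------------
@dataclass(frozen=True)
class Rule:
    classifier: str
    channel: str   # "email", "web", "usb", or "*" for any channel
    action: str    # permit | confirm | encrypt | block
    min_matches: int = 1


POLICY = [  # constructed rule set
    Rule("credit_card", "email", "encrypt"),
    Rule("credit_card", "web", "block"),
    Rule("ssn", "email", "confirm"),
    Rule("ssn", "usb", "block"),
    Rule("database_fingerprint", "*", "block"),
]
SEVERITY = {"permit": 0, "confirm": 1, "encrypt": 2, "block": 3}


def evaluate(text: str, channel: str, index: set) -> tuple:
    """Classify the content, then apply the most restrictive matching rule for the channel."""
    hits = find_patterns(text) + find_fingerprints(text, index)
    counts = Counter(name for name, _ in hits)
    actions = [r.action for r in POLICY
               if r.channel in ("*", channel) and counts[r.classifier] >= r.min_matches]
    return max(actions, key=SEVERITY.__getitem__, default="permit"), hits


if __name__ == "__main__":
    idx = build_fingerprint_index(["ACCT-77193-Q", "ACCT-88204-R"])  # constructed customer IDs
    for msg, chan in [("Refund for SSN 078-05-1120", "usb"),
                      ("Card 4111 1111 1111 1111 exp 12/29", "email"),
                      ("Card 4111 1111 1111 1112", "web"),
                      ("Ticket refers to ACCT-77193-Q", "web")]:
        print(chan, "->", evaluate(msg, chan, idx))
```

The validity checks are what separate a usable policy from a noisy one: a bare nine-digit regex flags every phone number and invoice reference, while the SSA area rules and the Luhn checksum discard most of them before an analyst ever sees an incident. The fingerprint index stores only keyed hashes, so the classifier can recognise real customer identifiers on an endpoint without the customer table itself leaving the database.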
What to look for in a DLP Solution?
When deciding which DLP product to go with, many questions should be asked about capabilities, user interface, and performance. A business should first make sure the product supports content detection at every level, including network, email, web, endpoint, and removable media. The product should then let architects and engineers customize the rules and policies at each of these levels to protect sensitive business data from all angles.
As complex as DLP configuration may be, it is extremely important that the product present a simple, intuitive user interface. Most businesses will need several people to run the application, each of whom must master at least a portion of it. Customizable incident views let administrators filter reports by specified parameters, which is the only practical way to manage a large number of incidents.
Some DLP solutions provide Optical Character Recognition (OCR), which enables scanning of content inside images and scanned PDF files. OCR is still far from perfect, however: sloppy or illegible handwriting remains difficult to detect and convert to text (ASCII), so data that only exists in images should not be assumed to be fully covered.
Hopefully this blog post has taught you a little more about Data Loss Prevention, but it only scratches the surface. For more information on DLP, please reach out to us. We’d love to help you out.
Cloud Security Architect