[BreachExchange] 4 Things You Need to Know About Data Loss Prevention
Audrey McNeil
audrey at riskbasedsecurity.com
Tue May 24 20:07:10 EDT 2016
http://www.information-management.com/news/security/4-things-you-need-to-know-about-data-loss-prevention-10028906-1.html
Gartner assigns Data Loss Prevention (DLP) as the fastest growing security
segment, with an annual growth rate of 18.9 percent through 2018. Driving
this growth is the mind-boggling amount of electronic data that is
accumulating year over year.
Research firm IDC says by 2020, the data we collectively create annually
will reach 44 zettabytes, or 44 trillion gigabytes. Add in recent increases
in the portability of data and employee mobility, and the potential for
data loss escalates further.
When it comes to data loss, what’s at stake for a business? In a
word—everything.
The potential damage to a company from a data breach can be catastrophic
(hello Sony Pictures), ranging from loss of intellectual property, to
decreases in sales and market share and a potentially fatal blow to an
organization’s reputation. In addition, expensive lawsuits and costly
penalties for failing to comply with strict data protection regulations are
also on the rise.
Industry analysts have struggled to put a number on the actual cost of data
loss, with estimates ranging anywhere from $0.58 to $201 per record.
Regardless of the exact costs, what can organizations do to protect
themselves, their customers and their stakeholders? Here are four essential
steps to effective DLP:
What’s at risk?
When protecting against potential data loss, it’s important to first
understand what’s at risk. For any business, the data threat generally
falls into three primary categories: intellectual property (e.g., product
designs, source code, process documentation, etc.), enterprise information
(strategic plans, financial reports, employee data, etc.) and customer
information (payment card numbers, individual details, banking information,
etc.). Obviously, such information falling into the wrong hands would be
disastrous for any business.
Start by getting your arms around your data — inventorying, categorizing
and prioritizing. Map out your information assets and understand all the
steps that go into how they are built, stored, managed and protected.
How do data breaches happen?
It’s helpful to assign categories to potential data loss culprits.
Categories might include employees (or other insiders) who accidentally
lose data, employees who deliberately leak data and external attackers who
target your company or specific data silos.
While malicious international hackers and saboteurs get the headlines, much
more common (and preventable) breaches occur though the actions of careless
or distracted employees who manage or interact with confidential
information. A misplaced smartphone with no password or tracking ability, a
dropped unencrypted USB drive or a simple click on a fraudulent link on an
unprotected PC/laptop are a few simple examples of how data can be leaked
accidentally.
Start within the organization
Since employees are often the root cause of data leakage, rigorous
information management safety training is an easy-to-implement first step
towards preventing data loss. Of course, training should be tied to set
policies and procedures that dictate who has access to what information,
and clear instructions and rules on how it should be handled.
Also, put as many automated tools in place within your organization to set
DLP policy centrally, and perform enforcement automatically rather than
leaving the task to the “good” judgment of individual employees. Policy
enforcement and scope depends on the nature of the data, the size and
distribution of the company enterprise, and the degree of risk associated
to the internal and external threats.
Know your DLP options
Companies should understand and consider the following types of DLP
coverage:
• Endpoint-Based DLP monitors individual endpoints and devices, such as
desktops, laptops, smartphones and tablets, to discover and prevent data
leakage. Activities such as outgoing emails and print commands can be
reviewed for discrepancies. The advantage with this approach is that it is
centrally managed and policy driven, and prevents data loss at the
PC/endpoint level, even if the data never reaches the Internet. The
disadvantage is that it must be deployed on all corporate PCs and laptops
to ensure maximum protection of corporate data.
• Network-Based DLP is installed at the perimeter of business networks; it
analyzes network traffic to pinpoint critical data that flows out of the
company’s internal network to the Internet. If predefined information
disclosure policies are violated, the source of such leakage is flagged.
The advantage of this approach is that it is centrally managed and policy
driven. The disadvantage is that it cannot prevent data loss at the
PC/endpoint, for example via USB drives.
• Storage-Based DLP protects the storage location of confidential data.
Unsafe storage is often caused by improper data retention policies, so
these solutions can do far more than just protect critical data from
leaking.
• Content-Aware DLP enforces company policies based on the content and
classification of crucial data. If a predefined keyword or file type is
detected to be leaving the organization, a flag is raised, allowing a
business enterprise to prevent accidental or deliberate leakage of data.
All of the above three approaches need to incorporate content-aware DLP.
• DLP Basics: In addition to the above, DLP tools should eliminate the
threat of security leakage through rogue apps and malicious software, scan
installed programs and devices for security holes or blind spots, and
prevent targeted attacks through malware or other malicious techniques.
Because all of these capabilities have become essential for businesses
today, it’s easy to understand not only why DLP is on fire as a security
segment, but also why it’s critical to put a DLP solution in place earlier
rather than later.
Finding the right approach to DLP for your organization is what’s key. Do
your homework and make sure the approach you select reinforces your
company’s information security policies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160524/6b0d680a/attachment.html>
More information about the BreachExchange
mailing list