Data Loss Prevention (DLP) is a set of tools and practices that seek to prevent a damaging data breach or the loss of confidential or critical information. Typically the focus is on the environment perimeter, in the form of email and web access, together with endpoint control.
The cost of a data loss incident is escalating rapidly. According to a 2013 Ponemon Institute study, the average cost of a breach to an organisation is between £50 and £250 per record (depending on the industry vertical). To put that into context, the Target breach resulted in the loss of 40 million credit card numbers and 70 million personal detail records.
A software DLP solution concentrates on two areas: “Data at Rest” and “Data in Motion”.
Data at Rest targets files stored within either the corporate network (SharePoint, filters) or held on endpoints, including laptops and desktops. Scheduled scans pinpoint problem areas and remediation (auto or manual) can then take place when the incident is flagged on the management portal.
Data in Motion monitors files traversing the network or being moved onto a device, such as a USB drive, a DVD, a network share or even a printer. Emails are redirected to a monitor server for inspection, web traffic likewise. SSL decryption takes care of web mail and web storage services.
What can DLP look for?
A large number of use cases look for straightforward information that can be defined by keywords or data identifiers. A data identifier is a regular expression that pattern-matches a string of data such as a credit card number or a National Insurance number. Other methods include importing actual data into the DLP platform, which can then monitor data at rest and data in motion for any or all of that data. This might include a customer database, a CAD drawing or critical documents. Many DLP solutions come with hundreds of built-in data identifiers and policies that look for matches against known industry standard requirements such as PCI-DSS or Sarbanes-Oxley.
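As an added illustration (not code from the original article or from any DLP product), the following Python shows what a data identifier does in practice: a regular expression finds candidate credit card numbers and National Insurance numbers in a constructed outbound email, a Luhn checksum filters out look-alikes such as order and phone numbers, and the findings are masked before they would reach a management portal. The NI number format rules are a simplified version of the HMRC format, and the sample email and all function names are constructed for this example.

```python
import re

# Constructed sample of "data in motion": an outbound email body a DLP monitor would inspect.
SAMPLE_EMAIL = """Hi Sam,
Please process order 1234567890123 for the customer below.
Card: 4111 1111 1111 1111 (exp 12/27), backup card 4111-1111-1111-1112.
Employee NI number AB 12 34 56 C, phone 020 7946 0000.
Thanks"""

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# UK National Insurance number (simplified HMRC format rules): two prefix letters
# (first not D/F/I/Q/U/V, second additionally not O), six digits, suffix A-D.
NINO_RE = re.compile(
    r"\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b", re.I)

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from order numbers and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Regex candidates that also pass the Luhn check, with separators stripped."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits

def find_nino(text: str) -> list:
    """NI numbers normalised to the compact upper-case form."""
    return [re.sub(r"\s", "", m.group()).upper() for m in NINO_RE.finditer(text)]

def mask(value: str) -> str:
    """Incident reports should carry a masked value, not the secret itself."""
    return "*" * (len(value) - 4) + value[-4:]

def inspect(text: str) -> dict:
    """Findings per data identifier, masked for the management portal."""
    return {
        "credit_card": [mask(v) for v in find_card_numbers(text)],
        "national_insurance": [mask(v) for v in find_nino(text)],
    }

if __name__ == "__main__":
    print(inspect(SAMPLE_EMAIL))
```

Of the three long digit strings in the sample, only the Visa-format number with a valid checksum is reported; the order number and the mistyped backup card fail Luhn and are dropped, which is the kind of false-positive reduction a built-in identifier performs.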
What types of data can DLP software inspect?
The answer is pretty much anything; most DLP software is now mature enough that features have been added to cover the vast majority of file types. As you’d expect, all the usual suspects are included: Word, Excel, PDF and compressed files, but also databases, Visio and CAD drawings.
What is the usual outcome?
Many organisations see benefits not just from the DLP side, but also because it forces them to look at how, when and where their data is classified; it is a great driver towards data classification and ownership. Actual malicious activity is not a common occurrence, and DLP incidents more often highlight broken business practices such as emailing orders that include credit card numbers, storing credit card information outside of a PCI zone, keeping old copies of customer databases, or employees emailing data to their web mail so they can work at home. The list is almost endless, but a quick remediation process can have a dramatic effect on the level of associated risk.
To contact Nettitude's editor, please email firstname.lastname@example.org.