Why Data Loss Prevention (DLP) Matters to Your Security Strategy

s-1

With recent data breaches as well as the General Data Protection Regulation enactment, CISOs are prioritizing Data Loss Prevention (DLP) security strategies and tools. Confidential data, whether corporate or customer-related, can be leaked from almost any computing device today, including physical and virtual servers, databases, end user equipment, flash storage devices, and mobile devices.

According to the Ponemon Institute’s 2016 Data Protection Benchmark Study, organizations around the world are dealing with an average of 20 data loss incidents per day. The same study found that a simple data leak of 100,000 customer records for one company can turn into a direct and immediate cost of over $21 million. More about measuring the value of investing in security initiatives against data breaches in this blog.  

Ponemon Institute DLP Figure 1-1.png

Ponemon Institute DLP Figure 2-1.png

Therefore, the cost to remediate a data loss security incident can be substantially high and negatively impact the business over time. A data loss prevention (DLP) security strategy will yield a significant return on investment in time.

In this blog, let’s explore how DLP is used as a security strategy and tool to impact businesses positively today.

What is Data Loss Prevention?

DLP in its simplest terms is a security strategy to prevent or protect users from sending sensitive information or critical information outside the corporate network. It can also be used to describe various security technologies and tools used to prevent insider threats from leaking or sending corporate files to cloud storage, personal emails, social media sites, or other unauthorized locations.

DLP monitors and safeguards your data in transit, data at rest, and data in use.

Data in Transit Protection: Refers to data moving through a network, internal or external, to an endpoint destination. DLP tools can encrypt the data and use an encrypted transport protocol such as SSL or VPN.   

Data in Use Protection: Refers to data used by applications or in service. DLP tools should obfuscate or encrypt sensitive in use data always, such as showing dots for a credit card number (except possibly the last four digits) and disallow transmission to unauthorized storage locations like cloud storage, personal emails, social media sites, etc.

Data at Rest Protection: Refers to data that is currently archived. DLP tools encrypt data in the database; field encryption is preferable; table and database are also options.

DLP security tools should monitor for unauthorized attempts to access or store data. When the user logs in the to the device, data on the drive is accessible in an unencrypted manner, but if lost or stolen, unless the laptop can be logged into, the disk encryption protects the data – if a hard drive is attached to another PC, the data cannot be accessed.

What’s Happening With Data Loss Prevention Today

A few important industries are at the greatest risk of data loss and leakage. The financial, healthcare, and manufacturing industries should be carefully considering their DLP security strategies. Personal identifiable information (PII), personal health information (PHI), and intellectual property (IP) all carry a very high financial loss risk in the event of data loss. If this type of data is leaked, your company may face pressure from regulatory bodies and even litigation.  

The Ponemon Institute found that 85% of companies around the world have experienced some form of data loss in the last 24 months. Most of these data loss incidents occur from within the organization (See Figure 1). DLP security tools enable the organization to put tight monitoring controls on emails, instant messages, applications used and downloaded, web surfing, and more. DLP tools inevitably help control the high financial and brand reputation risks your business may incur from a data loss incident.

Countries around the world are enacting data protection laws that impose more stringent requirements on both public and private organizations handling sensitive data. These data protection laws, such as the GDPR, will enforce significant penalties for noncompliance with the regulations and breach notification. DLP security strategies and tools help mitigate and remediate data loss as well as address specific requirements outlined by regulations such as GDPR.

Strategies & Tools for Data Loss Prevention

Standard Security Measures: an organization must have the fundamental information security infrastructure to support its operations, including firewalls, intrusion detection, prevention systems, anti-malware and anti-virus protection, and vulnerability management or threat management systems.

Mature Security Measures: Some organizations may decide they need added monitoring and threat protection that various advanced security analytics tools offer. This may include security machine learning, honeypots, network traffic analyzers, data integrity controls, user identity checks or activity-based verification, and more to detect irregular data access.

DLP Specific Tools: these tools will specifically block attempts to copy or transmit sensitive data to an unauthorized location, intentionally or unintentionally. DLP specific tools can help in many areas including:

  • Simplified management of DLP policy
  • Educate and alert users without involving IT/security personnel
  • Monitor sensitive emails before leaving the organization
  • Identify PII, HIPAA, SOX, PCI DSS, GDPR or other compliance related data
  • Use file matching to prevent sensitive files or data from leaving the organization
  • Protect data in motion through SMTP, HTTP, and FTP data

A solid security policy will aid in making DLP work properly. Regular audits must take place, and security incident and remediation must be well documented and addressed. To get started with DLP, an organization must perform a classification of its structured and unstructured data sets so that its policies can state what data is classified as sensitive.

Data loss is an unsettling problem around the world. Organizations of all types and sizes are at risk for data loss. When you make DLP an active part of your security strategy, you can gain competitive advantage. Your most sensitive data will be protected by these tools which will, in turn, protect your brand and shareholder value. Your DLP tools and strategies can even help prevent the permanent brand reputation damage you might incur from a data loss incident or data breach. If you have questions about DLP strategies or tools, our security experts are here to provide guidance and thoughtful discourse on how to stand up DLP.