Data Loss Prevention (DLP)

Introduction

Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network intentionally or unintentionally. The term is also used to describe software products that help a network administrator control what data end users can transfer.

Organizations commonly use DLP products to secure communication channels, such as email, to ensure employees do not send sensitive information to unauthorized recipients. With the increasing use of Web 2.0 applications and a growing mobile workforce conducting business on portable devices like laptops (with their potential for theft and loss), effective DLP solutions must be able to provide coverage for a wide range of communication channels. To achieve this goal, a DLP solution must, at a minimum, include email and endpoints or laptops among the communication channels it can secure. If necessary, it must also be able to block transmission of data on these channels. Managing separate policies for each of these channels can quickly become cumbersome. A DLP solution should therefore provide policy management and reporting capabilities that let administrators extend a single policy to cover several channels.
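The single-policy idea can be sketched in a few lines. The following is an added illustration, not code from any DLP product: one policy definition identifies payment card numbers (a regular expression plus a Luhn checksum to cut false positives) and maps each channel to an action. The policy name, channel names, actions and the fail-closed default are assumptions, and the sample events are constructed.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: discards digit runs (order ids, phone numbers) that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    """Identify: return the Luhn-valid card numbers found in a payload."""
    found = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return [digits for digits in found if luhn_ok(digits)]

@dataclass(frozen=True)
class Policy:
    name: str
    actions: dict                   # channel -> "block" or "alert"
    default_action: str = "block"   # assumption: unlisted channels fail closed

def evaluate(policy, channel, payload):
    """Prevent: return (action, match_count); 'allow' when nothing sensitive is found."""
    hits = find_cards(payload)
    if not hits:
        return ("allow", 0)
    return (policy.actions.get(channel, policy.default_action), len(hits))

# One policy definition covering every channel (names are hypothetical).
POLICY = Policy("payment-card-data",
                {"email": "block", "web": "block", "endpoint": "alert"})

# Constructed sample events: (channel, outbound content).
EVENTS = [
    ("email", "Invoice attached, card 4111 1111 1111 1111 exp 12/30"),
    ("web", "order ref 1234567890123456 shipped"),        # fails Luhn: not a card
    ("endpoint", "copy to USB: customers.csv 5555-5555-5555-4444"),
    ("ftp", "backup 4111111111111111"),                   # channel not in the policy
]

def run(events=EVENTS):
    return [(ch, *evaluate(POLICY, ch, body)) for ch, body in events]

if __name__ == "__main__":
    for row in run():
        print(row)
```

The web event is allowed because its 16-digit order reference fails the checksum, and the FTP event is blocked by the default action even though the policy never lists that channel.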

What Is DLP

The two core functions of Data Loss Prevention technologies are to accurately identify sensitive data in its many forms and then to prevent the loss of that data. DLP coverage capabilities vary and solutions are commonly categorized into two groups based on that coverage: Enterprise DLP (EDLP) and Integrated DLP (IDLP). DLP coverage is not the only differentiation between EDLP and IDLP.

Enterprise or Full Suite DLP: Enterprise DLP technologies are purpose-built solutions to prevent data loss across the leakage vector spectrum, including at the network gateway (data in motion), in storage (data at rest) and at the endpoint (data in use).

They provide coverage across the complete spectrum of leakage vectors. Significantly, Full Suite DLP addresses the full range of network protocols, including email, HTTP, HTTPS, FTP and other TCP traffic. Another critical distinction of most Full Suite DLP solutions is the depth and breadth of their sensitive data detection methodologies, which translates into meaningful increases in DLP effectiveness. Another unique and critical feature of Full Suite DLP solutions is a central management console. This eliminates the need for multiple management interfaces and significantly reduces the management overhead of a comprehensive DLP initiative.

Integrated or Channel DLP or DLP Lite: By contrast, Integrated DLP tools were designed to address requirements other than DLP, but have some ability to inspect outbound data. IDLP solutions generally offer coverage limited to a single protocol (e.g. email, web) or a single DLP component (e.g. data in motion, data at rest).

Integrated DLP or Channel DLP solutions were designed for some function other than DLP and were later modified to add some DLP functionality. Common Channel DLP offerings include email security solutions, device control and secure web gateways. In each case, Channel DLP solutions are limited in their coverage and detection methodologies. Every organization is different when it comes to organizational structure, information policies, digital infrastructure, the type of data it handles, communication channels and clients. Not every organization requires Enterprise DLP. Integrated DLP also does the job for organizations that face specific data leakage issues, such as mail security or BYOD device security.

Do I Need a DLP Solution?

Below are 7 business cases for which companies opt for DLP solutions. If even one of these cases matches your requirements, your company needs a DLP solution.

Business Cases:

  1. The company needs to protect proprietary information against security threats caused by new communication channels and enhanced employee mobility.
  2. Management would like to monitor your organization for inappropriate employee conduct and maintain forensic data of security events as evidence.
  3. You are uncertain about your organization’s level of protection for confidential data in cloud applications and storage.
  4. You are concerned about your next audit and want to maintain compliance with complex regulations.
  5. You are concerned about the liability, negative exposure, fines and lost revenue associated with data breaches.
  6. You aren’t sure where your company’s confidential data is being stored, where it’s being sent and who is accessing it.
  7. Your organization would like to proactively prevent the misuse of data at endpoints, both on and off the corporate network.

Once you have established that there is a need for a DLP solution, the organization has to perform a risk assessment. This can be done by an internal team, but if a large investment is going to be made, it is advisable to hire an external consultant for the risk assessment.

Requirements Gathering for DLP Solution

To proceed with DLP selection, follow the standard practice that most multinational companies follow before buying new technology. The three essential sets of requirements that need to be gathered are:

  • Business Requirements
  • Technical Requirements
  • Operational Requirements