Data Loss Prevention
05/31/15 Category: Security
Data Loss Prevention (DLP) is a set of techniques typically used on gateway devices (firewalls, mail servers, proxies, etc.) or endpoints (desktops, laptops, etc.) to minimize or prevent the loss of sensitive data.
DLP may involve different types of data such as structured (e.g. databases) or unstructured (e.g. documents, spreadsheets, presentations). It might involve different forms of compliance-driven data such as personal identity, medical, financial, etc. However, most CEOs and senior-level management seem most concerned about intellectual property, whether threatened from the outside or from within. After all, massive investments were made to acquire that intellectual property. While compliance focuses on individual data, it's the corporate crown jewels that really keep management awake at night. Theft from within might be carried out by insider threats, or by outside threats using stolen credentials or malware to access the IP.
Firms are concerned with having IP data leave their organizations via mobile devices, laptops, external USB storage or the internet. Most people seem to believe that theft of data can be prevented mid-flight, or in other words while the data is in motion. However, web-based applications, malware, peer-to-peer apps and other techniques can be used to "carry" the data out of the firm. Data mules might be people, devices or applications.
Meanwhile, encryption and other techniques, simple and sophisticated, can be used to obscure the data or otherwise prevent partial or complete fingerprinting techniques from detecting and stopping the theft mid-flight. Additionally, privacy concerns, processing power and related issues pertaining to decryption make this more challenging than just enabling a feature on certain network-layer devices.
The reality is it's far better to isolate sensitive data, minimize the risk exposure and then detect on access. Data cannot go into motion without first being accessed! It's important to monitor legitimate access rights and be wary of privilege escalation. Additionally, use data science techniques to look for abnormal data access patterns and/or data movement.
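As an added illustration of "detect on access" (not code from the original post), the script below runs a few simple checks over access log lines: per-user volume of sensitive-data access compared to the peer median, reads of sensitive data outside business hours, copies of sensitive files onto exit paths such as removable media, and role changes that grant admin rights. The log format, the `/vault/` share layout, the user names, the exit-path prefixes and all thresholds are constructed assumptions for this example and are not from the original post.

```python
"""Detect-on-access checks over a constructed access log (added example).

Hypothetical line layout, constructed for this example:
  <iso-timestamp> <user> READ        <path>
  <iso-timestamp> <user> COPY        <src-path> <dest-path>
  <iso-timestamp> <user> ROLE_CHANGE <target-user> <old-role>-><new-role>
"""
from collections import Counter
from statistics import median

# Assumed location of the isolated "crown jewels" data (constructed).
SENSITIVE_PREFIXES = ("/vault/ip/", "/vault/finance/")
# Assumed exit paths: removable media and cloud-sync folders (constructed).
EXIT_PREFIXES = ("/media/", "/home/sync/")
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, an assumption for the example

# Constructed sample log lines; not real data.
SAMPLE_LOG = """\
2015-05-30T09:01:00 alice READ /vault/ip/design-v3.docx
2015-05-30T09:05:00 alice READ /vault/ip/roadmap.pptx
2015-05-30T09:10:00 bob READ /vault/finance/q1.xlsx
2015-05-30T09:12:00 bob READ /public/handbook.pdf
2015-05-30T09:20:00 carol READ /vault/ip/design-v3.docx
2015-05-30T09:21:00 carol READ /vault/ip/patent-draft.docx
2015-05-30T09:22:00 carol READ /vault/finance/q1.xlsx
2015-05-30T10:00:00 root ROLE_CHANGE dave analyst->admin
2015-05-30T22:00:00 dave READ /vault/ip/design-v3.docx
2015-05-30T22:01:00 dave READ /vault/ip/roadmap.pptx
2015-05-30T22:02:00 dave READ /vault/ip/patent-draft.docx
2015-05-30T22:03:00 dave READ /vault/ip/supplier-list.xlsx
2015-05-30T22:04:00 dave READ /vault/finance/q1.xlsx
2015-05-30T22:05:00 dave READ /vault/finance/forecast.xlsx
2015-05-30T22:06:00 dave READ /vault/finance/payroll.xlsx
2015-05-30T22:07:00 dave READ /vault/ip/pricing-model.xlsx
2015-05-30T22:08:00 dave COPY /vault/ip/patent-draft.docx /media/usb0/p.docx
2015-05-30T22:09:00 dave COPY /vault/ip/pricing-model.xlsx /home/sync/m.xlsx
"""


def parse_log(text):
    """Parse log lines into event dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, user, action, arg = parts[:4]
        extra = parts[4] if len(parts) > 4 else None
        events.append({"ts": ts, "user": user, "action": action, "arg": arg,
                       "extra": extra, "hour": int(ts[11:13])})
    return events


def is_sensitive(path):
    return path.startswith(SENSITIVE_PREFIXES)


def sensitive_access_counts(events):
    """Per-user count of READ/COPY events that touch sensitive data."""
    counts = Counter()
    for e in events:
        if e["action"] in ("READ", "COPY") and is_sensitive(e["arg"]):
            counts[e["user"]] += 1
    return counts


def volume_outliers(events, factor=3.0, min_count=5):
    """Users whose sensitive-access count is far above the peer median.
    Returns {user: count}; factor and min_count are constructed defaults."""
    counts = sensitive_access_counts(events)
    if not counts:
        return {}
    baseline = median(counts.values())
    return {u: c for u, c in counts.items()
            if c >= min_count and c > factor * baseline}


def exit_path_copies(events):
    """Sensitive data going 'into motion': copies onto an exit path."""
    return [(e["user"], e["arg"], e["extra"]) for e in events
            if e["action"] == "COPY" and is_sensitive(e["arg"])
            and e["extra"] and e["extra"].startswith(EXIT_PREFIXES)]


def privilege_escalations(events):
    """Role changes granting admin; each should map to an approved change."""
    found = []
    for e in events:
        if e["action"] == "ROLE_CHANGE" and e["extra"]:
            old, _, new = e["extra"].partition("->")
            if new == "admin" and old != "admin":
                found.append((e["user"], e["arg"], old, new))
    return found


def after_hours_sensitive(events):
    """Per-user count of sensitive reads outside business hours."""
    return dict(Counter(e["user"] for e in events
                        if e["action"] == "READ" and is_sensitive(e["arg"])
                        and e["hour"] not in BUSINESS_HOURS))


def report(text=SAMPLE_LOG):
    """Run every check over the log text and return the findings."""
    events = parse_log(text)
    return {"volume": volume_outliers(events),
            "exit": exit_path_copies(events),
            "privilege": privilege_escalations(events),
            "after_hours": after_hours_sensitive(events)}


if __name__ == "__main__":
    for name, finding in report().items():
        print(f"{name}: {finding}")
```

On the constructed log, every check converges on the same account: the newly promoted user reads far more sensitive files than peers, does so at night, and copies two of them to a USB stick and a sync folder. In practice the peer median and the business-hours window would be learned from real history rather than fixed constants, but the point stands: each of these signals fires at the moment of access, before the data is in motion.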
It's important not to rely on a single product or solution. A security framework needs to be in place; here's a short list:
- Good perimeter security and reviews
- Good web security
- Good email security
- Good monitoring/logging
- Good access logging/detection
- Good processes and technology for access rights
- Good enforcement of application control to minimize exit paths
In other words, protect from external threats, detect access to sensitive data at the source and protect against the exfiltration of data.
Focusing on access will increase the probability of safeguarding intellectual property. Any single point solution or approach will leave too many vectors for data loss to occur. Don't buy into the hype; tackle it with a systemic process.