Your Data Loss Prevention (DLP) Journey!
Is your organization looking for a Data Loss/Leakage Prevention (DLP) solution? What does that mean? How do we get started?
DLP is all about egress: protecting data leaving your endpoints through various channels. Data could be leaving through attachable devices, such as USB media, CD-ROM or printers. Data could also be leaving through a browser copy/paste, uploads or via email. The purpose of DLP is to protect and monitor data leaving any of these channels: attachable devices, browser/web uploads or email.
There are several tools you could use for DLP; some of the popular ones are Symantec DLP, Netskope DLP, O365 DLP or McAfee. Most of these vendors are pretty mature, and a demo or POC may be needed to make sure whatever tool you decide to use addresses your specific use case(s).
How do you get started?
One of the first things that needs to happen is for your legal and risk/governance team to assess the risk and help develop your DLP requirements. Organizations need to determine the data elements they want to protect: credit cards, SSN, NPI, legal, intellectual property, trade secrets, etc. Investing in classifying data is key because this is the basis for implementing suitable data protection policies.
There are many tools that can scan your data sources, and we, Adaptive Systems, can help develop a strategy to scan, classify and tag your documents. We will start off by performing a data classification exercise that applies keywords/tags (e.g. “internal”, “classified” or “public”) to your documents. After creating tags, we will ask for your assistance in classifying and tagging all documents using the keywords created. Once all documents are categorized and tagged, you can develop policies and controls around your data, such as alerts and blocks for data in transit.
What about fingerprinting and indexing documents?
Many DLP solutions today offer a way to fingerprint a document or a template. Protecting highly classified and sensitive data by leveraging the fingerprinting and indexing capabilities of a DLP solution is what many organizations are looking to implement today. Most DLP solutions provide the capability of fingerprinting a document or a document template, such as trade secrets, formulas, or legal documents, with a specific threshold. Once it’s fingerprinted using your DLP tool, controls can be defined to monitor the files moving around the corporate network or going outside the corporate network. If a user attempts to email a classified file to an unauthorized recipient or upload it to a blacklisted website, protection controls in the DLP tool such as blocking or alerting can be implemented.
The primary benefit of file fingerprinting is the ability to identify and tag sensitive information on a network or file shares. After a DLP solution creates data fingerprints and associates files with their appropriate DLP policies, a DLP program detects network traffic such as emails, TCP and FTP over 80/443 traffic or web uploads that contains documents matching fingerprint data in order to apply protections based on those DLP policies. The controls deployed based on document fingerprints may include blocking transmissions, preventing file access or encrypting sensitive data. Most organizations have restricted-use or restricted-access policies so that only specific users have access to sensitive information, which can be made possible by data fingerprinting used in combination with DLP policies and exceptions.
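An added illustration of the fingerprint-and-threshold matching described above, not code from the original page or from any DLP vendor: it uses hashed five-word shingles as a simplified stand-in for a product's fingerprinting. The documents, messages, thresholds and names (`fingerprint`, `containment`, `evaluate`, `REGISTRY`) are constructed assumptions.

```python
import hashlib
import re

K = 5  # words per shingle (assumed value)

def fingerprint(text, k=K):
    """Hash every run of k consecutive words, after normalizing case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    runs = [words[i:i + k] for i in range(max(len(words) - k + 1, 0))]
    return {hashlib.sha256(" ".join(r).encode()).hexdigest() for r in runs}

def containment(protected_fp, outbound_fp):
    """Fraction of the protected document's shingles found in the outbound content."""
    return len(protected_fp & outbound_fp) / len(protected_fp) if protected_fp else 0.0

def evaluate(outbound_text, registry):
    """Return (action, document, score) for the strongest match that meets its threshold."""
    outbound_fp = fingerprint(outbound_text)
    verdict = ("allow", None, 0.0)
    for name, (fp, threshold, action) in registry.items():
        score = containment(fp, outbound_fp)
        if score >= threshold and score > verdict[2]:
            verdict = (action, name, score)
    return verdict

# Constructed sample documents and per-document policies (not real data).
FORMULA = ("Project Falcon coating formula: mix 40 parts resin base with 7 parts "
           "hardener, cure at 180 degrees for 25 minutes, then apply the sealant "
           "in two thin coats.")
NDA = ("The receiving party shall hold all confidential information in strict "
       "confidence and shall not disclose it to any third party without prior "
       "written consent of the disclosing party.")
REGISTRY = {
    "falcon-formula": (fingerprint(FORMULA), 0.4, "block"),
    "nda-template": (fingerprint(NDA), 0.8, "alert"),
}

# Constructed outbound messages: a reworded partial excerpt and an unrelated note.
LEAK = ("Hi, as discussed: MIX 40 parts resin base with 7 parts hardener; "
        "cure at 180 degrees for 25 minutes. Talk soon.")
BENIGN = "Lunch at noon on Friday? The new place near the office has good reviews."

if __name__ == "__main__":
    for msg in (LEAK, NDA, BENIGN):
        print(evaluate(msg, REGISTRY))
```

The excerpt in `LEAK` changes case and punctuation and carries only part of the formula, yet half of the protected shingles still match, which is why the threshold is set per document rather than requiring an exact file match.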
Now, on to Policies…
Security controls should be designed in such a way that you can build policies to enforce that control in any security domain such as IAM, DAM, DLP, EP or Network Security. For DLP, similar policies need to be created to protect the classified data leaving the premises through any channel such as email, web upload, copy/paste, USB devices and printing.
Email is an area most companies want to lock down first, followed by web uploads like box.com or G drive. With the data classification tools and categories used above, emails that violate a DLP policy can trigger an alert and they can be quarantined or blocked depending on the risk level.
What are your challenges in DLP? Where are you in this journey? Do you need help evaluating a tool or need help developing controls and policies?