Data Loss Vectors
Insider threat being one among the top ten threats an organization faces, data loss prevention mechanisms play a key role in protecting the data within an organization. With all the avenues available to employees today to electronically expose sensitive data, the scope of the data loss problem is an order of magnitude greater than threat protection from outsiders .
The data loss vectors include:
Data in motion . Any data that is moving through the network to the outside via the Internet
Data at rest . Data that resides in files systems, databases and other storage methods
Data at the endpoint . Data at the endpoints of the network (e .g . data on USB devices, external drives, MP3 players, laptops, and other highly-mobile devices)
What needs to be protected and Why?
Regulatory Compliance: An organization need to implement data loss prevention systems to ensure regulatory compliance such as SOX, GLB, HIPAA, European Union data protection directive and/or PCI Compliance as companies are required to take measures to protect private and personally-identifiable information. Data loss is not only a significant problem for companies in data-sensitive industries such as health care and finance, but for nearly any organization conducting business worldwide
Intellectual Property Protection: In today.s business world protection of the intellectual property is of paramount importance and is a major concern for organizations of all sizes. From industrial espionage to employees defecting to a competitor and taking sensitive information
with them, protecting one of the most important assets of the business is a key driver of data loss prevention efforts.
Inadvertent forwarding of email containing product development or business plans to another email recipient
Sending unreleased pricing information to the wrong email address
Customer or competitive information sent by an employee to a third-party for financial gain
Proprietary information sent to a distributor, who might then forward it on to competitors
Trade secrets, according to the Uniform Trade Secrets Act (UTSA), include
formulas, patterns, compilations, program devices, methods, techniques, or
processes . They also can be diagrams and flow charts, supplier data, pricing
data and strategies, source code, marketing plans and customer information .
With so much that could be considered a trade secret, chances are good that
employees may not even know they are handling IP
Companies need to take steps to better protect valuable IP property from situations such as:
Data Loss Prevention solutions
A comprehensive DLP solution prevents confidential data loss by:
Monitoring communications going outside of the organization
Encrypting email containing confidential content
Enabling compliance with global privacy and data security mandates
Securing outsourcing and partner communications
Protecting intellectual property
Preventing malware-related data harvesting
Enforcing acceptable use policies
Providing a deterrent for malicious users (by creating the possibility of being caught)
In the following section, I will briefly list some of the best practices for establishing a comprehensive data loss prevention program
- Build a Data loss prevention governance structure. It is really important to define the program before it can be implemented. Develop the data loss prevention policy and obtain the management commitment
- Spend some time in defining the Data Loss Prevention needs of the organization. Perform a risk assessment.
- Prioritize the DLP focus such as Removable media channel, email & internet channel etc.
- Choose a solution which is best suitable to your organization. Is the solution a short term one or going to be part of the enterprise strategy? Is the vendor opted has a growth strategy?
- Implement the solution covering all the focus areas. Utilize the existing infrastructure as well as ensure integration with the existing infrastructure
- Perform a pilot test by implementing in small groups. Baseline the installation and configuration, once stabilized, and expand to the larger groups
- Ensure the solution is non-intrusive. Provide transparent services to the end users such as content aware encryption, protect email and internet access etc.
- Develop central management function. Workflow based administration and reporting. Violation reporting and analysis is a key process in enforcing the data loss prevention, if the solution is not capable of providing effective administration and reporting, the optimum use of the solution could not be achieved.
If you are evaluating data loss prevention solutions for your organizations, consider above points and also take a look at the list of content aware data loss prevention solutions