Main Logo

Data loss prevention – Part 2

Data security

By 

 on 

Our last post examined the important concepts of what Data Loss Prevention (DLP) is.  In this post, we now examine the required controls that are needed to safeguard these datasets, as well as the important features you need to look out for as you pick a particular DLP solution for your business.

The Required Controls for Data Loss Prevention

Before any DLP technologies can be evaluated, it is important to first understand the controls that are needed for each focus area of the data described in the last section.  Once this has been established, then the appropriate DLP software package can be selected and deployed.  The following charts depict the necessary controls for each type of data:

Data in Motion

Focus Area                                                                                                                           Technological Control

Perimeter security Firewalls, Proxy servers
Network monitoring Selected DLP technology
Internet access control Proxy servers, Content filters
Data collection and exchange with third parties Secure email, Secure FTP, Secure APIs, Encrypted physical media
Use of instant messaging Firewalls, Proxy servers, Workstation restrictions
Remote access Encrypted remote access, restrictions on use of remote access tools to prevent data leakage

Data in Use

Focus Area                                                                                                                        Technological Control

Privileged user monitoring Event monitoring related to databases and application log files
Access/usage monitoring Event monitoring related to databases, application log files
Data sanitation Data sanitation routines and programs
Use of test data Data sanitation routines and programs
Data redaction Data redaction tools
Export/save control Application controls

Data at Rest

Focus Area                                                                                                                              Technological Control

Endpoint security Operating system workstation restrictions, Security software
Host encryption Full disk encryption tools
Mobile device protection Built-in security features, Third-party mobile device control products
Network/Intranet storage Access control software and permission control in all Operating systems, Databases and File storage systems
Physical media control Endpoint media encryption tools, Operating system workstation restrictions
Disposal and destruction Data erasure and Data wiping software

Important Features of DLP Solutions

Now that you have identified the right technological control that is associated with each focus area of the three data types, the next step is to evaluate the most appropriate software package for your organization. Many tools are available; but whatever you select must contain, at a minimum, the following features:

  • Fingerprinting of documents and their file sources:

This is where all copies of information and data are recorded upon, and thus each and every document in this regard must be “fingerprinted” in order to uniquely identify them.  This could include an assortment of water marks, numerical/alphanumerical naming conventions, etc. Keeping a version history of any modifications, revisions or edits that are made to these respective documents is also important.

  • Multiple inspection nodes:

Having multiple inspection nodes is especially crucial for those datasets that fall under the category of “Data in Motion”.  They need to be closely monitored across all network mediums, and any other associated network-based perimeters as they travel from point to point to the final destination.

  • Sophisticated pattern matching functionalities:

All of the information/data that falls under the three categories must also be uniquely identified as well.

  • Capabilities to determine where the datasets are going:

This applies primarily to the information and data that falls under “Data in Motion”.  There are various methods in which all of this can be transmitted, which are primarily through the use of Internet based applications, e-mail, instant messaging, etc.

  • A centralized location for all of the DLP information that is collected:

In this regard, it is very important to have a central repository for the following so it can be easily analyzed:

  • The document fingerprints;
  • The inspection modes;
  • Anomalies in the pattern matching;
  • All archiving and logging actions and behaviors.

It is important to remember that the best DLP software packages can monitor all of the network traffic and who is accessing what across all of the three information/data categories. Blocking any suspicious activity and keeping the most sensitive datasets from being leaked out to the wrong recipient(s) is also critical.

 Our next post will review some of the actual top DLP software packages that you should consider implementing for your business.

 

Newsletter Subscription

Subscribe for updates, promotions, new courses, and more.

Share this post

Know someone else who’d enjoy this post? Share it with them using the buttons below. 

Want to learn more?

Check out our other recent blog posts for more helpful IT resources. 

Center LinkedIn Follow Button