
Data loss prevention – Part 2

Data security

Our last post examined the core concepts of Data Loss Prevention (DLP). In this post, we examine the controls required to safeguard these datasets, as well as the features to look for when choosing a DLP solution for your business.

The Required Controls for Data Loss Prevention

Before any DLP technologies can be evaluated, it is important to first understand the controls that are needed for each focus area of the data described in the last section.  Once this has been established, then the appropriate DLP software package can be selected and deployed.  The following charts depict the necessary controls for each type of data:

Data in Motion

| Focus Area | Technological Control |
|---|---|
| Perimeter security | Firewalls, Proxy servers |
| Network monitoring | Selected DLP technology |
| Internet access control | Proxy servers, Content filters |
| Data collection and exchange with third parties | Secure email, Secure FTP, Secure APIs, Encrypted physical media |
| Use of instant messaging | Firewalls, Proxy servers, Workstation restrictions |
| Remote access | Encrypted remote access, restrictions on use of remote access tools to prevent data leakage |

Data in Use

| Focus Area | Technological Control |
|---|---|
| Privileged user monitoring | Event monitoring related to databases and application log files |
| Access/usage monitoring | Event monitoring related to databases, application log files |
| Data sanitation | Data sanitation routines and programs |
| Use of test data | Data sanitation routines and programs |
| Data redaction | Data redaction tools |
| Export/save control | Application controls |

Data at Rest

| Focus Area | Technological Control |
|---|---|
| Endpoint security | Operating system workstation restrictions, Security software |
| Host encryption | Full disk encryption tools |
| Mobile device protection | Built-in security features, Third-party mobile device control products |
| Network/Intranet storage | Access control software and permission control in all Operating systems, Databases and File storage systems |
| Physical media control | Endpoint media encryption tools, Operating system workstation restrictions |
| Disposal and destruction | Data erasure and Data wiping software |

Important Features of DLP Solutions

Now that you have identified the right technological control for each focus area of the three data types, the next step is to evaluate the most appropriate software package for your organization. Many tools are available, but whatever you select must contain, at a minimum, the following features:

  • Fingerprinting of documents and their file sources:

Documents and their file sources are where all copies of information and data are recorded, so each and every document must be “fingerprinted” in order to uniquely identify it. This could include an assortment of watermarks, numerical/alphanumerical naming conventions, etc. Keeping a version history of any modifications, revisions or edits that are made to these documents is also important.

  • Multiple inspection nodes:

Having multiple inspection nodes is especially crucial for datasets that fall under the category of “Data in Motion”. They need to be closely monitored across all network media, and any other associated network-based perimeters, as they travel from point to point to their final destination.

  • Sophisticated pattern matching functionalities:

All of the information/data that falls under the three categories must also be uniquely identified.

  • Capabilities to determine where the datasets are going:

This applies primarily to the information and data that falls under “Data in Motion”. There are various methods by which this data can be transmitted, primarily Internet-based applications, e-mail, instant messaging, etc.

  • A centralized location for all of the DLP information that is collected:

In this regard, it is very important to have a central repository for the following so it can be easily analyzed:

  • The document fingerprints;
  • The inspection nodes;
  • Anomalies in the pattern matching;
  • All archiving and logging actions and behaviors.

It is important to remember that the best DLP software packages can monitor all of the network traffic, and who is accessing what, across all three information/data categories. Blocking any suspicious activity and keeping the most sensitive datasets from being leaked to the wrong recipient(s) is also critical.
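The fingerprinting and pattern-matching features above, sketched as an added example (not code from this post or from any DLP product): it swaps in content-hash fingerprinting over word windows rather than the watermarks or naming conventions mentioned above, and confirms card-number matches with a Luhn checksum. All function names, the threshold, and the sample document and messages are assumptions constructed for illustration.

```python
import hashlib
import re

SHINGLE = 5  # words per fingerprint window (assumed tuning value)
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digit runs

def fingerprint(text):
    """Hash every overlapping SHINGLE-word window so partial copies still match."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    windows = max(len(words) - SHINGLE + 1, 1)
    return {hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()
            for i in range(windows)}

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if pos % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def inspect(payload, registry, threshold=0.5):
    """Return findings for one outbound payload (e-mail body, upload, chat message)."""
    findings = []
    seen = fingerprint(payload)
    for doc_id, doc_fp in registry.items():
        # Containment: share of the protected document present in the payload.
        overlap = len(seen & doc_fp) / len(doc_fp)
        if overlap >= threshold:
            findings.append(("fingerprint", doc_id, round(overlap, 2)))
    for match in CARD_RE.finditer(payload):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            # Mask the value so the central log does not itself store card data.
            findings.append(("pattern", "card_number", "****" + digits[-4:]))
    return findings

# Constructed sample data: the document, IDs and messages are invented for this example.
PROTECTED = ("Project Falcon acquisition terms: purchase price is forty million "
             "dollars, closing is planned for the third quarter, and the board "
             "vote is confidential.")
REGISTRY = {"DOC-001": fingerprint(PROTECTED)}
LEAK = ("FYI, keep this quiet: purchase price is forty million dollars, closing "
        "is planned for the third quarter, and the board vote is confidential. "
        "Card for the deposit: 4111 1111 1111 1111. Ticket ref 1234 5678 9012 3456.")
BENIGN = "Lunch is planned for the third floor cafe."

if __name__ == "__main__":
    for name, msg in (("leak", LEAK), ("benign", BENIGN)):
        print(name, inspect(msg, REGISTRY))
```

The benign message shares one five-word window with the protected document, which is why the match uses a containment threshold instead of flagging any overlap.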

Our next post will review some of the top DLP software packages that you should consider implementing for your business.

 
