Data Loss Prevention

Data loss prevention (DLP) is a generic term for many different technologies and strategies. Data loss can be mitigated by encryption. Data loss can be mitigated or prevented by port blocking or content fiiltering. Security vendors will offer their software suites and appliances as a DLP solution. Does their solution match your problem?

1. Define the scope.
   This is a high level definition of the data (e.g., customer name, customer account number, credit card number), to be contrasted with implementation of the data (e.g., customer database record).
   What data is the company obligated to protect?
   What data is most valuable to the company?
   Expect to revisit this question later. Set aside out-of-scope data for later classification.
2. Define policies.
   What is the policy for the identified sensitive information?
3. Discover the implementation.
   How has sensitive data been implemented? Where can it be found?
   Expect to encounter out-of-scope data. You may need to change the scope definition. Hopefully, all you do is set it aside for later classification.
4. Define the usage.
   How is the sensitive data accessed? Who has access to sensitive data? How is this access managed (deletion of access as well as granting of access)? How are copies of the data managed?
   How is the sensitive data gathered? How is the sensitive data disposed of?
5. Assess the usage.
   Are existing protection mechanisms are appropriate to the level of classification? Are there any gaps within the data handling procedures?
6. Address identified gaps.
   Implement or adjust protection mechanisms. Review procedures that create copies. Review training as well as technical controls.
7. Monitor data protection measures.
   Report, audit, and document incidents of data leakage.

Three common data leak scenarios:

• Common employee mistakes such as e-mailing sensitive data without encrypting the contents
• Poor business practices such as using production data for development and testing
• Internal threat agents or potentially malicious insiders

Three problems when it comes to data protection:

• Not understanding what data represents the greatest value
• Overspending to protect data that is not valuable
• Under-spending on data that represents the most opportunity

See also: Comment: The Missing Link from DLP by David Gibson of Varonis (Infosecurity, 17-May-2012).

Data governance software automation is providing organizations with the ability to improve DLP implementations by not only automating the process of identifying sensitive data, but also simultaneously showing what data is in use and who is using. It provides the needed context for comprehensive DLP. By non-intrusively, continuously collecting critical metadata and then synthesizing this information, data governance software provides visibility never before available with traditional DLP implementations. When data governance software is used in conjunction with traditional DLP software, implementations move faster and sensitive data is more accurately identified and protected.

My interpretation: it is more effective to control sensitive information at its source than to rely upon:

• Server protections focus on content classification and identifying sensitive files that need to be protected before they have a chance to escape.
• Network protections scan and filter sensitive data to prevent it from leaving the organization via email, HTTP, FTP and other protocols.
• Endpoint protections encrypt data on hard drives and disable external storage to stop data from escaping via employee laptops and workstations.

DLP Lite

Mitigate the risk of data leakage and theft through proactive analysis of shared and personal file repositories using StealthTOOLS DLP Lite for File Systems – a powerful, flexible, and free regex engine designed with Data Loss Prevention (DLP) in mind.

Whether it’s identifying the existence of Personally Identifiable Information (PII), Credit Card and Social Security Numbers, organizational data such as salaries and trade secrets, or simply a particular condition only applicable to your organization, ensuring sensitive and proprietary data is in the proper location and accessible to the appropriate users is of the utmost importance.