Mon - Fri 08.00 - 18.00 | +41 21 806 37 15 |

Menu

Data Loss Prevention - DLP

DLP
In the last two years we have seen a significant shift in IT security from traditional firewalls, encryption and device hacks to security identity. The weak link is no longer the device itself or the network, but the individual.
 

Many organisations now recognise employees as the weakest 'security point' because of where they work and how they work (using public Wi-Fi networks, multiple devices, etc.)

As a result, security identity, access management and technology plans are essential to lock down your main source of weakness; the individual.

You can't always be sure that the user logging on to your network, applications or devices is the right person - this is where traditional security solutions (Mobile Device Management, Mobile Application Management and firewalls) can be complemented with additional measures to protect your organisation from unnecessary risk.

 

What is data loss prevention (DLP)?

The term Data Loss Prevention (DLP) refers to the practice of detecting and preventing the leakage of confidential data outside an organisation for unauthorised use. Data may be taken out of the organisation in physical or computerised form, intentionally or unintentionally.

The concern for data protection is not new, as highlighted in the very interesting Ernst & Young report "The evolving IT risk landscape" published in 2011. 

How is DLP different from other technologies?

While tools such as firewalls and Intrusion Prevention Systems(IPS) and Intrusion Detection Systems(IDS) look for anything that might pose a threat to an organisation, DLP applies to identifying sensitive and confidential data and preventing that data from being leaked outside the organisation for unauthorised use 
 
This solution prevents data leakage but is also often used as a mechanism to discover anomalies in business processes.
One such example would be the presence of sensitive data on an associate's laptop.
 

User awareness

 Often, data leaks are related to inadequate internal data management and are not voluntary, but they can also be voluntary.
 
Organisations spend a lot of time and money on educating users about data protection. One might assume that a data leak resulting from a user's unintentional action should be very minimal, but this is not the case. We know that many of the malware problems that companies suffer are related to user actions. Although it would appear that in theory policies and procedures are correctly applied, preventive action is needed to minimise the risk of data leakage, whether accidental or intentional, and the damage to the business.

Your data loss prevention strategies should be as broad as the causes of the loss.

Here are some of the most common ones:

  •  Human error: The majority of data loss is caused by human error. This can include actions such as: opening malicious email, creating easy-to-guess passwords, logging into "fake" sites, walking away from one's computer without logging out, leaving access to unauthorised people.

  • Insufficient access control: Many organisations give access too easily. People who only need to read the data are also allowed to modify it. When too many accounts have too much access, data thieves seize the opportunity to compromise an account.

  • Physical theft: Mobile phones, tablets, laptops, ... are easy to steal and if not well protected, are a gold mine of information.

  •  Malicious software: Infected systems send out confidential information and systems can continue to operate in this way for months before the problem is detected.

How do you protect your data in practice?

In addition to all the points we have discussed above, the implementation of specific information protection software will allow a global view of sensitive data and control of their use. 

First and foremost, an audit will enable the organisation to answer these 3 fundamental questions:

1.

What sensitive data do you hold?

Common data types are of type:

  • Personally identifiable information (AHV number, name, address, etc.)
  • Payment card information
  • Customer information
  • Intellectual property / proprietary information
  • General information for internal use only 
  • Information for public use (marketing,..) requiring fewer restrictions.

 

 

 

2.

Where does your sensitive data reside, both internally and with third parties?

Common data storage locations are:

  • On-site / network storage
  • Storage Cloud, SaaS (Software as a service)
  • Hardware storage, including laptops and desktops, mobile devices, external hard drives,...

3.

Where does your data go?

Define criteria and company policies

It will also be necessary to define the criteria and policies according to the needs of the organisation (for example, if an HR employee consults a salary slip, this is a normal process, if this document is opened by someone outside the department, an alert should be displayed and followed up. The program can also be customised so that an employee who has made improper use of a document receives an email informing them of their action, just as an employee who copies credit card data into a word document receives a notification.

A correct implementation of DLP can therefore mark data as sensitive and assign a high critical score. Common exit points for this type of data breach are corporate email, web mail, FTP, removable drives and printing. At each of these exit points, DLP can flag this activity.

The programmes

Finally, our experts will help you implement the right tools such as Microsoft Information Protection (MIP ) or Windows Information Protection (WIP)

Tell us about your project!

For more information, please contact us. Our experts will guide you through your project, from audit to implementation, your data will be in good hands.

+41 21 806 37 15
info@lambertconsulting.ch