Data loss prevention (DLP), also known as data leakage prevention or data loss protection, is a technique that protects sensitive corporate data from leaving the company due to user negligence, mishandling of data, or malicious intent.
Data can leave the company through two main groups of channels — local channels (e.g., peripheral devices, such as printers, and USB drives) and places, i.e., network-based channels such as emails, web, and social media. Although some DLP solutions monitor only network communication, it’s best to monitor both local and network channels to ensure efficient data loss prevention.
How does data loss prevention work?
To protect digital data in their three fundamental states, DLP solutions implement three functional types to protect data in use, data in motion, and data at rest.
- Data in use (DIU) DLP controls data access and transfer operations in local channels, peripherals & applications on endpoint computers, including removable, fixed, and redirected storage, clipboard, printing, and screenshot captures.
- Data in motion (DIM) DLP prevents data leakage through network communications, such as email, webmail, instant messaging, social media, cloud-based and P2P file sharing, as well as HTTP(S), FTP(S), and SMB protocols.
- Data at Rest (DAR) DLP discovers exposed confidential content in data stored on corporate IT assets, such as file shares and NAS, endpoint file systems, databases, document repositories, and cloud-based storage. If unprotected data is in the wrong place, DAR DLP can automatically initiate various remediation actions to prevent uncontrolled access to this data and its exfiltration.
DLP systems use contextual and content-aware methods to prevent data leaks.
- Context-aware controls allow you to control data operations based on the operations’ context (environmental factors) — attributes such as involved users, channels used, type of accessed/transferred data, flow direction, or date and time.
- Content-aware controls allow you to control operations based on the actual information (data) that is being accessed or transferred.
Why is data loss prevention important?
There are many ways that data leaks can occur, including locally through peripheral devices and ports — such as printers and USBs — as well as through the network via email, social networks, instant messengers, or cloud-based file sharing. While some data access and transfer operations are legitimate, they still need to be strictly protected to ensure no inadvertent leakage due to user negligence. Others threaten to share sensitive data with unauthorized third parties and must be blocked entirely.
If sensitive data winds up in the hands of unauthorized parties, it can lead to:
Loss of intellectual property (IP)
Your organisation manages and stores extremely sensitive business data that differentiates your company, products, and services. These include financial, customer, and R&D information, brand and trade secrets, patents, formulas, recipes, designs, software code, search algorithms, and so on. All this data must always remain secure and protected. If it is leaked or lost, it can impact your company’s success and competitive position in your marketplace.
Non-compliance with regulatory requirements
Your business maintains a wealth of information about your customers and prospects. For example, if you are a B-to-C business, much of the consumer data you hold is private, whether it be Personally Identifiable Information (PII), PCI (card information), or Protected Health Information (PHI) – and must be secure from prying eyes.
If your business is subject to regulatory requirements – such as the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Payment Card Industry Data Security Standard (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA) – compliance fines, investigative and remediation costs can be significant if you experience a data breach or leak.
In addition to compliance fines and remediation costs, a data leak can require you to compensate affected customers and/or in the worst case, customers may choose NOT to do business with you. This can impact your brand reputation and ultimately your future revenues.
Data loss prevention best practices
To implement a DLP solution, you should follow these recommended best practices.
- Identify what assets should be protected against leakage. This is a big first step as many organisations do not have a listing of their information assets.
- Classify data by levels or categories based on what is sensitive and personal and what is not. You can use data classification software to help with this effort.
- Analyse your operations to define the data flows that are necessary for the business and those that are unnecessary for the business. Each business data flow used in the organisation must be specified – including its sender (or source), its recipient (or destination), the data channel used, and the classification of flowing data in terms of their allowed functional categories and sensitivities. The aggregate specification of all business data flow rules in the organisation constitutes its data loss prevention policy. When fully specified, the organisational DLP policy is used as the authorisation criterion when enforcing DLP controls over data transfer operations on protected endpoint computers: if a controlled operation matches to any of the allowing data flow rules in the policy, it is considered legitimate and allowed to proceed. However, any controlled operation that matches to a prohibitive rule in the policy or does not match any rule at all is unauthorised and must be blocked as a potential data leak.
- Pilot the system in a small part of the organisation to test how it works and ensure there are no problems or business process interruptions.
- Extend the deployment across the entire production environment.
- As new units, organisations, or processes are added to the business, define and include in the DLP policy those data flow rules necessary to conduct and protect relevant new business operations.
- Exceptions to the DLP policy must be managed on an ongoing basis. You can manage exceptions by having the system alert the security officer in real time for approval or have the security officer analyse the operation after the fact to determine if it was justified or malicious.
Data leaks are a security breach in which confidential, sensitive, or protected data is accidentally or deliberately released in an untrusted environment or to unauthorised users either outside or inside the organisation. Figure 2 shows the causes of data breaches with negligent insider breaches being the #1 cause, followed by cyberattacks and system glitches.
Here are some other statistics that clearly demonstrate the data risks associated with malicious or accidental insider breaches.
- 90% of organisations feel vulnerable to insider threats.
- 53% report to have experienced an insider-related attack in the last 12 months.
- 72% of employees share sensitive, confidential, or regulated company information.
- 45% of employees who accidentally shared information sent it to the wrong person.
- 35% of employees have shared information that they were unaware should not be shared.
What types of businesses need data loss prevention?
Regardless of size, every company and organisation needs to keep sensitive corporate information private. Examples of sensitive corporate information includes trade secrets, merger and acquisition plans, your corporate customer database, financial information, and planned product development activities. If this information gets leaked, your organisation can suffer serious consequences, lose revenues and its competitive position in the marketplace, even go out of business.
Likewise, any organisation that is in a highly regulated industry – such as government, healthcare, and financial services – and holds Personally Identifiable Information (PII), PCI (card information), Protected Health Information (PHI), or any consumer information that is subject to security/privacy requirements under a government or industry regulation needs a DLP solution.
Need help? Ask us if you want to know more about
Minimising insider threats. Prevent data leakage due to employee negligence or malicious insiders by blocking any unauthorized attempt to access or transfer data.
Gaining visibility into data protection. Reduce the complexity of data protection by using a single solution for thorough visibility over data flows and user behaviour. Cut reporting times with powerful built-in reporting tools.
Enforcing process compliance. Reduce information security risks and comply with IT security standards and regulations by enforcing data use and handling policies that users cannot avoid.