“It will not suffice to have customers that are merely satisfied. Customers that are unhappy and some that are merely satisfied switch. Profit comes from repeat customers—those that boast about the product or service.” (W. Edwards Deming, Out of the Crisis)
Nothing is more important to your company than its customers, and an important part of keeping them satisfied can only be accomplished by using your customers’ information. For this reason, preventing the loss of their personally identifiable information (PII) is one of the most critical areas of cybersecurity. We are all too familiar with the potentially disastrous consequences of losing this personal information, which can serve as the basis for hacker attacks, affect customer privacy, and badly damage your company’s reputation.
I work with NorthState Technology Solutions as an onsite representative at a global retailer to help protect their data, as part of an approach called data loss prevention (DLP). Increasingly, this is no small task for any business. It is predicted that the volume of online data will reach 44 trillion GB by 2020. To add to the problem, corporate networks are evolving as they shift to the cloud and a far less defined perimeter. As a result, companies are becoming extremely interested in DLP.
What is Data Loss Prevention?
DLP is a set of software tools and processes used to ensure that business-critical data is not misused, lost, or accessed by unauthorized users. DLP classifies data to identify violations of company or regulatory policies, and then helps to remediate those violations with alerts, encryption, and other actions. It can also be used to monitor the network from its endpoints (such as phones) to its storage systems, data streams, and the cloud. It also lets you create reports to demonstrate compliance and support audits, and to find areas of weakness or vulnerability.
Overall, the role of DLP is to identify, monitor, and protect:
- Data at rest (in storage or on desktops, laptops, phones, or tablets)
- Data in motion across the network (in-house traffic)
- Data in use within an application
In other words, DLP software provides a management framework to help detect and prevent misuse of information, both inside and outside the company. It also protects against user errors or malicious acts that may lead to a data breach, and performs user behavior analysis.
How DLP Helps Your Business
DLP’s capabilities allow your organization to:
- Protect data against new potential threat vectors such as the Internet of Things (IoT)
- Protect your company against the liability, negative exposure, fines, and lost revenue associated with data breaches
- Monitor your organization for inappropriate employee conduct
- Maintain records of security events
- Automate corporate governance to help assure compliance with government and industry regulations
- Maintain a competitive advantage in brand and reputation
Three Use Cases for DLP
For example, you can use DLP to accomplish the following:
- Protecting Personal Information and Achieving Compliance: Many organizations collect Personally Identifiable Information (PII), Protected Health Information (PHI), and/or Payment Card Information (PCI) from their customers as part of doing business. However, this also means that they must meet privacy standards such as the new European GDPR, HIPAA, and PCI DSS that define how you must protect this sensitive data. Companies can be fined for failing to comply with privacy standards, costing money, time, and customer confidence. DLP software identifies, classifies, and tags the data; monitors all activities and events involving it; and reports details for audit.
- Context-based classification: DLP can also protect your firm’s proprietary or intellectual property by classifying both structured and unstructured data based on pre-set policies and controls.
- Data Visibility: DLP further allows you to track your confidential data to know where it’s stored and how it’s being used throughout your network, endpoints, and the cloud.
A Day in the Life of a DLP Practitioner
On-site subject matter experts (SMEs) like me have the job of enforcing security policies to prevent unauthorized access to or use of data, while monitoring for, detecting, and blocking the leakage of sensitive information. We set policies for DLP software tools to regularly scan file servers to find information deemed to be sensitive or confidential, such as credit card data. We examine incoming messages, outgoing traffic, and data that is shared with partners and vendors. We also keep an eye out for unusual patterns of behavior. Working closely with the internal IT team, we give them a sense of how information is moving around the environment.
We then perform incident analysis on each potential positive (an alert the tooling raises). If an incident is found to be a “true positive,” we escalate the situation to the appropriate managers and help them with remediation. Most of the problems I find are not based on malicious behavior – in fact, the vast majority are simply human error. This is true across the board; for example, the Equifax data breach in 2017, which exposed the records of nearly 146 million Americans, was due to their IT team failing to pay attention to standard warnings when implementing security patches.
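The scan-then-triage routine described above, as an added example that is not the original post’s own tooling and does not represent any particular DLP product: a minimal data-at-rest scanner that flags card-number candidates in file contents and applies the Luhn check to separate true positives from plain digit runs. The file names and contents are constructed for the illustration.

```python
import re
from dataclasses import dataclass

# Candidate pattern: 13-19 digits, optionally separated by spaces or dashes.
# A real DLP policy would add issuer prefixes and context keywords; this is
# only the first, broad matching stage.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Finding:
    path: str
    masked: str   # only the last four digits are shown to the analyst
    verdict: str  # "true positive" (Luhn-valid) or "false positive"


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used on payment card numbers; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        verdict = "true positive" if luhn_valid(digits) else "false positive"
        findings.append(Finding(path, mask(digits), verdict))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample content standing in for files found on a scanned share.
SAMPLE_FILES = {
    "finance/refunds.txt": "Refund to card 4111 1111 1111 1111 approved.",
    "ops/inventory.csv": "SKU,count\n1234567890123456,12\n",  # digit run, not a card
    "hr/notes.txt": "No payment data here.",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}: {f.masked} -> {f.verdict}")
```

The scanner never writes the full card number into its output, so the findings themselves do not become a second copy of the sensitive data.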
However, in an internal environment, especially one that includes partners and vendors, there’s literally no way to catch every potential glitch without the support of the users. Yet most employees are just not used to focusing on security issues. Therefore, one of the key parts of my job is to fill this gap by helping to identify issues that require further education. By raising employees’ security awareness, we help make the company more secure. Going even further, an organization that wants to double-check its level of security may request a penetration test and risk assessment. Our testers serve as “ethical hackers” who challenge the existing networks to find vulnerabilities and recommend remediation.
I come from a background of business administration and education, to which I have added my IT training. This helped me to understand early on that the point of the business is to do business – and my job is to help companies do business in the safest way possible. When properly deployed, DLP gives you the visibility, control, and coverage to protect your systems against data loss, misuse, and attacks.
Developing a complete data loss prevention strategy shouldn’t just be a postscript to your security plan. It plays an integral part in staying on top of security, remaining compliant, and – most important of all – keeping your customers.
I’m happy to answer your questions about data loss prevention – please feel free to contact me!