Preventing data loss, protecting the enterprise: DLP today
As the third decade of the 21st century begins, there are few areas of life where information hasn’t been digitized.
In businesses and organizations, ‘hard copy’ on paper of documents and intellectual property is less and less common, although it has to be said, most workplaces still sport a printer in the corner of the room!
Protecting an organization’s property when it’s entirely digital requires an approach that has to shift continuously, adapting to new threats and, conversely, new working methods.
Only ten years ago, storing information ‘on the internet’ was a rare practice. Today, of course, business-critical applications and storage take place in the cloud as a matter of course, and data protection methods have had to adapt to keep pace.
For any business to protect its data, there is a fundamental three-step approach that’s deployed typically. However, to regard the three steps as a hardwired chronology would be a mistake.
Rather, the three processes have to be applied cyclically in order to keep up with the changes briefly mentioned above: changes in working practices, and changes in data threats over time.
The three steps or processes comprise: discover – classify – protect (and repeat ad infinitum).
A. Data discovery
There are software solutions available from specialist vendors that have the single function of discovering where data might be residing in an enterprise of any size.
Information often exists in so-called silos, usually attached to point, or specialist software solutions: CRMs, or HR systems in a separate existence from finance data, for example.
Additionally, most businesses operate from a mix of in-house data stores and applications, data held in public or private clouds (like Box), and remote business applications consumed as SaaS, for example.
B: Data classification
Forrester recommends that data classification schemes should not define too many strata of data types, as too much detail in the various tiers can be confusing or leave too much open to interpretation.
That makes good sense in general, and when finalizing classification definitions, companies might need to think about formulating their rules in terms of access privilege, or according to outside strictures, like GDPR (whether data pertains to EU citizens), or industry practice (like whether data is anonymous; in healthcare settings, for example).
C: Data protection
To protect data, and therefore the business’s intellectual property, there are three significant threats which need to be addressed:
– external attack by malicious parties, usually in the form of malware, phishing, hacking, etc.
– accidental loss, like an email with attachment sent to the wrong recipient outside the company.
– malicious internal threat, typically resulting in data exfiltration by disgruntled employees, ex-employees, or contractors.
It’s worth noting that the second and third items above are commonly grouped together and termed “insider threat” — an issue which the companies featured below address.
Most enterprises of any size run cybersecurity measures, and today those measures should be firmly concentrated on the threats aimed at individuals in the company.
Most successful “hacks” are not the result of bad actors getting around perimeter defenses; instead, they begin with employees opening rogue email attachments or entering credentials into rogue websites.
Of course, perimeter defense is still vital, as is endpoint protection for any connected device on the company network, and those types of measures now need to extend right across the enterprise network, to the cloud and online services that use the company’s valuable data.
Educating users at all levels in the organization is essential, and any such program can also help staff improve their general online hygiene, making them more aware of the dangers posed by individual practice, for example.
That will, in turn, help prevent a good proportion of accidental data loss for the organization, although humans will always remain susceptible to making the occasional error!
Data loss prevention or protection solutions (as featured below) are designed primarily to address the third type of threat to digital property, that of malicious information removal, although in practice they catch accidental leakage too. The definitions above should give readers the message that the lines between the threats to the business are blurred.
Therefore, the solutions we’re featuring on TechHQ often extend their use case into other areas, too. Making employees aware of the sensitivity of even anonymized data, for instance, might be a personal data hygiene issue addressed as part of a cybersecurity training program for staff.
But the lessons learned apply to data loss prevention measures too.
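The discover, classify and protect cycle described in sections A to C above, including the misdirected-email case from the threat list, can be sketched in code. The following is an added example written for this page, not code from TechHQ or from any vendor featured here. The file corpus is constructed, and the label names, regular-expression detectors, approved partner domains and the policy table are all assumptions for illustration; production DLP detectors are far richer (checksum validation, proximity rules, document fingerprints, optical character recognition).

```python
"""Discover, classify and protect over a constructed sample corpus.

Added example; labels, detectors, domains and policy are assumptions.
"""
import re
from dataclasses import dataclass, field

# --- Discover -------------------------------------------------------------
# Constructed sample of files "found" in four silos (HR, CRM, engineering,
# marketing). A real discovery pass would crawl file shares, SaaS APIs
# (Box, M365) and databases to build this list.
SAMPLE_CORPUS = {
    "hr/payroll_2020.csv": "employee,iban\nA. Smith,DE89370400440532013000\n",
    "crm/leads.txt": "Contact: jane.doe@example.org, +44 20 7946 0958, London, UK\n",
    "eng/pump_design.md": "Internal: impeller tolerances rev 4. CONFIDENTIAL\n",
    "marketing/press.txt": "Our product launches in Q3. Visit the website.\n",
}

# --- Classify -------------------------------------------------------------
# A deliberately small set of strata, per the advice against too many tiers.
# (label, regex). "PII-EU" uses an IBAN-shaped string as a crude proxy for
# data about EU citizens (GDPR scope); that mapping is an assumption.
DETECTORS = [
    ("PII-EU", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),  # IBAN-shaped
    ("PII", re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")),               # email address
    ("PII", re.compile(r"\+\d{1,3}[ \d]{7,}")),                    # phone number
    ("CONFIDENTIAL", re.compile(r"\bCONFIDENTIAL\b")),              # explicit marking
]
LABEL_RANK = {"PUBLIC": 0, "PII": 1, "CONFIDENTIAL": 2, "PII-EU": 3}


@dataclass
class Finding:
    path: str
    labels: set = field(default_factory=set)

    @property
    def top_label(self):
        """Most restrictive label found, or PUBLIC when nothing matched."""
        return max(self.labels, key=LABEL_RANK.get) if self.labels else "PUBLIC"


def classify(path, content):
    finding = Finding(path)
    for label, rx in DETECTORS:
        if rx.search(content):
            finding.labels.add(label)
    return finding


def discover_and_classify(corpus):
    """One pass of the cycle; re-run whenever the corpus or rules change."""
    return {path: classify(path, text) for path, text in corpus.items()}


# --- Protect --------------------------------------------------------------
# Policy (assumed): PUBLIC may go anywhere; PII may leave only to approved
# partner domains; CONFIDENTIAL and PII-EU may not leave the company at all.
INTERNAL_DOMAIN = "example.com"
APPROVED_PARTNERS = {"partner.example.net"}


def allowed(finding, recipient_domain):
    """Decide whether e-mailing this file to recipient_domain is permitted."""
    if recipient_domain == INTERNAL_DOMAIN:
        return True
    label = finding.top_label
    if label == "PUBLIC":
        return True
    if label == "PII":
        return recipient_domain in APPROVED_PARTNERS
    return False  # CONFIDENTIAL and PII-EU never leave


if __name__ == "__main__":
    findings = discover_and_classify(SAMPLE_CORPUS)
    for path, f in findings.items():
        print(f"{path:24} {f.top_label:12} -> gmail.com allowed: {allowed(f, 'gmail.com')}")
```

The point of splitting `discover_and_classify` from `allowed` is that the two halves change at different rates: detectors and labels are re-tuned as regulations and working practices shift, while the policy table is what the protect step enforces at the moment an attachment is about to leave.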
Balancing prevention and empowerment
Cybersecurity teams are fond of the phrase “zero-trust environment,” and in some ways achieving such a set of working practices would be ideal. The other side of the coin, however, is the need to give employees and staff at all levels the tools and information they need to work efficiently.
Efficiency metrics are not improved by overbearing strictures placed on data access, the need to manually check-in and check-out every document in the enterprise, and the seeming intransigence of security teams.
Therefore, what organizations need to seek is an effective balance between “zero-trust” and “zero friction.”
There are no hard and fast rules for reaching this waypoint between the two extremes. Still, one thing is for sure: like the repeating steps of discover, classify and protect, which must be continuously cycled, keeping the balance between efficiency and protection is also a process of constant self-appraisal.
We hope that of the three companies featured below, one or more will help our readers achieve such a balance to help them protect their valuable digital assets.
Code42 provides next-generation data loss protection — that makes it distinct from “traditional” DLP. It’s a platform that protects by knowing where data lives and how it moves across the enterprise, rather than examining users’ devices and trying to catch potential insider threat-type behaviour using security policies.
The philosophy underlying the company’s solution is simple: it ensures that employees can carry out their everyday work without hindrances caused by preventative measures. After all, the barriers created by simplistic, rules-based security policies in legacy DLP have to have holes punched through them for the business to function at all!
Instead of policies that hope to catch the next potential data leak, a single agent monitors data activity across the entirety of the network, whether on-premises, in the cloud, or in transit. At key times of stress, like when an employee is known to be leaving, or during mergers & acquisitions, the intelligent alert system becomes more sensitive. At other times, the contextual awareness ensures that teams aren’t swamped with false positives.
This next-gen DLP from Code42 keeps canonical records of data and its movements. That means files behaving in “out of the ordinary” ways can be flagged and examined by human operators for content — that’s verbatim, not metadata. You can read more about this platform here.
With a byline of “human-centric cybersecurity,” Forcepoint is tapping into the latest cybersecurity thinking: concentrating efforts on the people in an organization, not necessarily on the perimeter protections within which they happen to work.
That means protection of individual users, of course, but equally, the company’s DLP platform proactively protects the company against data exfiltration by staff or subcontractors, temporary or freelance workers.
The extensive range of solutions includes the ability to recognize and protect unstructured data, including images of handwritten text, ad hoc printouts, and engineering drawings and blueprints. Under the auspices of the DLP solution, each is protected as well as a “traditional” electronic document.
The company’s DLP integrates seamlessly with existing systems like Microsoft Azure Information Protection, and security teams can enable Microsoft Rights Management technology to share information with trusted third-parties safely.
Logfiles and SIEM platforms can be leveraged to fuel behavioral analysis routines that track unusual behaviors such as non-standard data movements, especially at certain times, like during annual reviews.
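Both the Code42 and Forcepoint descriptions above rest on the same idea: score each data movement in context rather than block on a static rule, and raise sensitivity when HR context (a departing employee, review season) says the risk is higher. The following is an added example written for this page, not code from Code42, Forcepoint or TechHQ. The event records are constructed to resemble a SIEM export, and the field names, weights, threshold and the list of departing users are all assumptions; a real deployment would tune these against its own baseline.

```python
"""Context-weighted exfiltration alerting over constructed activity events.

Added example; event schema, weights, threshold and HR context are assumed.
"""
from datetime import datetime

# Constructed events, roughly what a SIEM would export for file activity.
EVENTS = [
    {"ts": "2020-03-20T09:12:00", "user": "alice", "action": "upload",
     "dest": "box.com", "bytes": 2_000_000, "label": "CONFIDENTIAL"},
    {"ts": "2020-03-20T09:30:00", "user": "alice", "action": "upload",
     "dest": "sharepoint.example.com", "bytes": 50_000_000, "label": "CONFIDENTIAL"},
    {"ts": "2020-03-21T10:00:00", "user": "bob", "action": "upload",
     "dest": "dropbox.com", "bytes": 5_000_000, "label": "PII"},
    {"ts": "2020-03-21T10:05:00", "user": "dave", "action": "upload",
     "dest": "dropbox.com", "bytes": 5_000_000, "label": "PII"},
    {"ts": "2020-03-21T11:00:00", "user": "carol", "action": "email",
     "dest": "gmail.com", "bytes": 40_000, "label": "PUBLIC"},
    {"ts": "2020-03-21T23:45:00", "user": "bob", "action": "usb_copy",
     "dest": "removable", "bytes": 900_000_000, "label": "CONFIDENTIAL"},
]

INTERNAL_DESTS = {"sharepoint.example.com"}
# HR context (assumed feed): users with a known leaving date.
DEPARTING = {"bob": "2020-03-31"}

LABEL_WEIGHT = {"PUBLIC": 0, "PII": 2, "CONFIDENTIAL": 4}
BULK_BYTES = 100_000_000
ALERT_THRESHOLD = 6


def score(event):
    """Return (risk_score, reasons) for one event. Higher is riskier."""
    risk, reasons = 0, []
    weight = LABEL_WEIGHT.get(event["label"], 0)
    if weight:
        risk += weight
        reasons.append(f"label={event['label']}")
    if event["dest"] not in INTERNAL_DESTS:
        risk += 2
        reasons.append("external destination")
    if event["bytes"] >= BULK_BYTES:
        risk += 2
        reasons.append("bulk volume")
    hour = datetime.fromisoformat(event["ts"]).hour
    if hour < 6 or hour >= 22:
        risk += 1
        reasons.append("off-hours")
    # Context raises sensitivity: the same movement by a departing user
    # counts double, so borderline activity crosses the threshold only
    # when HR says the risk is elevated.
    if event["user"] in DEPARTING:
        risk *= 2
        reasons.append("departing user")
    return risk, reasons


def triage(events, threshold=ALERT_THRESHOLD):
    """Return [(user, score, reasons)] for events that warrant an analyst."""
    alerts = []
    for event in events:
        risk, reasons = score(event)
        if risk >= threshold:
            alerts.append((event["user"], risk, reasons))
    return alerts


if __name__ == "__main__":
    for user, risk, reasons in triage(EVENTS):
        print(f"ALERT {user:6} score={risk:2} {', '.join(reasons)}")
```

Note the pair of identical uploads by `bob` and `dave`: both score 4 on content and destination alone and stay below the threshold, which is what keeps the analyst queue quiet, but the departing-user multiplier lifts `bob`'s copy to 8 and surfaces it. Alice's large internal upload to SharePoint never alerts, while her small upload of confidential material to a personal cloud share does.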
To learn more about these seasonal shifts in alert stances, and more, read more here.
The basis of Digital Guardian’s offering is its ARC (Analytics and Reporting Cloud). That’s a centralized place where all data use across even the most complex hybrid cloud networks can be overseen. That means cloud databases, pay-as-you-go external services hosted in public and private clouds, on-premise apps and services, and even movements of files to individuals’ personal filestores, like Dropbox and Box.
The clever analytics that underpin ARC can filter out false positives, only triggering preset alerts for security staff and threat hunters when its comprehensive rulesets are breached.
The cloud-based nature of the solution means that individual endpoints (or user devices) don’t have to store masses of data that details every activity.
Instead, the lightweight security agent feeds the central intelligence in real time, making sure that SOC analysts can react quickly, often remediating a potential issue with a simple right-click plus contextual menu action.
The entire solution was written by, and for, security teams tasked with exactly what the software is designed for, so this is a solution with many years of experience baked in, ready to hit the ground running.
You can get more information from a Digital Guardian free demo here.
*Some of the companies featured are commercial partners of TechHQ
27 March 2020