DATA LOSS PROTECTION
Digitally stored data are frequently as valuable and important to organisations as their physical assets – or indeed more so. And they face similar risks as physical assets: They can be stolen, damaged or ransomed by criminals, but are also at risk from the activities – criminal or negligent – of employees or friendly third parties with digital links. In the age of GDPR and other robust privacy regulations, we tend to focus on Private Information (PI) such as addresses, credit card details, passwords, health information and so on. However, companies also need to protect IP (Intellectual Property) assets such as design blueprints and corporate strategy documents. Digital data can be ‘structured’ (meaning stored in a regular, easily searchable format such as a database), and ‘unstructured’ (emails, PDFs etc), and needs to be managed both ‘at rest’ and ‘in transit’ (ie while being transferred by email, FTP and so on). PI and IP data may, of course, also reside in the cloud.
Apart from the direct commercial implications of damaged or stolen data and trade secrets, GDPR regulations can result in severe fines for companies that suffer data breaches or are found not properly to be applying the regulations. DLP solutions can help mitigate against both of these risks.
Arguably, DLP is synonymous with information security, as nearly all aspects of the broader field are concerned with maintaining the confidentiality, integrity and availability of data, including malware management, encryption, firewalls and so on. However, specific ‘DLP software’ tends to focus on the following narrower definition of “detecting and preventing unauthorised exfiltration or damage of [sensitive] data”. This entails locating the data – a job that is harder than it sounds given the wide range of locations (including cloud storage, mobile devices etc) where it may be stored. Once the data has been located, DLP software monitors it, looking out in particular for unusual-looking behaviour (UEBA) such as file transfers at strange times or with unexpected destinations. Policies can be set up that apply different rules in different circumstances, depending on who sent the data, the type of data, the channel being used and so on, with certain situations resulting in the flow being blocked and a range of other responses.
Forcepoint offers a comprehensive DLP solution that protects against data exfiltration using a wide range of different media (email, cloud, print etc), including a feature called ‘Drip DLP’ that can spot the so-called ‘low and slow’ exfiltration technique whereby sensitive information is broken into small pieces and leaked – inconspicuously – over a long period of time