Data Loss Prevention

The primary objective of a DLP solution is to maintain the confidentiality of sensitive data by preventing loss through accidental or malicious means. This may relate to where data is:

• Sent outside of the corporate network via email
• Uploaded to cloud services
• Transferred from a secure to an insecure location within the corporate network
• Moved on to removable storage device

As the name suggests, DLP has a focus on protecting data that resides inside the corporate network. It therefore looks to combat the risk from insider threats as well as malicious third parties infiltrating your network and trying to export data thereafter.

The term insider threat can relate to both bad actors with malicious intent as well as those staff who are negligent with their actions, with the consequences placing the organisation at risk.

DLP can also be regarded as a tool to help with achieving compliance. Some regulations and standards such as PCI DSS or HIPPA will specify that due to the sensitivity of the data, it can not reside in unsecured cloud environments. As such, through the use of well-applied defined policies, data can be forced to remain within the secure environment.

DLP efficiency can be greatly improved through the integration with a classification tool. By marking the metadata with detailed handling information, a DLP solution can read the further information and more accurately enforce corporate policies.

One of the major challenges with DLP is its ability to apply policies to encrypted data. In the past, organisations simply treated all encrypted data as trusted and therefore let it move around and in/out of the organisation freely.

However, with the development of malware now hiding in encrypted data or tunnels, DLP solutions have had to evolve. Many solutions are now able to decrypt the data for inspection purposes, re-encrypting if required. Alternatively, DLP can be configured to integrate with encryption solutions or have stand-alone SSL decryptors deployed.