Data Loss Prevention – the ABCs of DLP

Gone are the days when regulators focused only on the largest corporations and fines were treated as an acceptable cost of doing business. The compliance world has changed. Fines for data privacy violations are now commonplace, and organizations of all sizes face regulatory scrutiny as the need to demonstrate compliance continues to grow. Many companies also have compelling commercial reasons to contain their information assets: design ideas, inventions with patents pending, and other intellectual property that gives them a lead in their industry. This information needs to stay in house.

There are many software solutions that protect information from being compromised or corrupted by malware and external attackers. Keeping data safe from these threats has become largely automated; patching and updating malware signatures are now routine in our industry. The harder question is how we prove that we are taking all necessary precautions to keep our data confidential, protecting it against internal misuse and uncontrolled distribution. Event logs and audit processes can tell us about historical compromises, but knowing about a breach and preventing the breach are two entirely different creatures. This brings us to DLP.

Data Loss Prevention (DLP) technologies take a proactive approach to protecting data. Classifying data and defining the rules for its use are essential to controlling who can access it and how it can be distributed. DLP tools help with that classification by recognizing known patterns of data, such as driver's license numbers, Social Security Numbers and account numbers, as well as other sensitive content including intellectual property. Once the data has been classified, policies can be created for its handling in each of the following three states:

Data at Rest

Data at Rest refers to information that is stored within an organization. This can be information stored on a file server or share, or in a repository such as SharePoint.

Data in Motion

Data in Motion refers to information as it moves around the organization. Examples include email, Instant Messaging, FTP and/or other protocols.

Data at the Endpoint (aka Data in Use)

Data at the Endpoint refers to information that is currently being used by staff on their computers. Examples include information staff are printing, copying to a USB memory key or writing to a CD/DVD.

DLP technologies use these data classifications and the corresponding policies to make real-time authorization decisions. If a policy allows protected health information (PHI, or ePHI when held electronically) to be emailed only to select recipients, all email leaving the corporate perimeter is scanned for PHI and only the messages that satisfy the policy are delivered. This is done via deep packet inspection: the DLP sensor collects and reassembles the SMTP (Simple Mail Transfer Protocol) traffic as it crosses the network perimeter, then scans the reconstructed message. A network sensor can only inspect plaintext, so where SMTP runs over TLS the inspection has to happen at the mail gateway (MTA) or behind a TLS-terminating proxy. Similar rules can be applied to internal email traffic between departments.
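To make the classification and policy steps concrete, here is an added example written for this page (it is not code from any DLP product or from the original author). It covers the pattern recognition described above for Social Security Numbers and payment card numbers and the email policy decision described in this paragraph: a toy inspection routine that finds structurally valid SSNs and Luhn-valid card numbers in a reconstructed outbound message and blocks the message when any recipient falls outside a hypothetical allow-list. The regular expressions, the allow-list, the `.example` addresses, and the sample messages are all constructed for illustration.

```python
"""Toy DLP content-inspection and policy step for outbound email (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses

# US Social Security Number in the familiar AAA-GG-SSSS layout.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Candidate payment card number: 13-19 digits, optionally separated by single spaces/hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Hypothetical policy data: the only mailboxes allowed to receive SSNs or card numbers.
ALLOWED_RECIPIENTS = {"records@hospital.example"}


def is_valid_ssn(area: str, group: str, serial: str) -> bool:
    """Drop values the SSA never issues: area 000, 666 or 900-999, group 00, serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; weeds out random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Return {category: [matches]} for the sensitive patterns found in text."""
    found = {"SSN": [], "PAN": []}
    for m in SSN_RE.finditer(text):
        if is_valid_ssn(*m.groups()):
            found["SSN"].append(m.group(0))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found["PAN"].append(m.group(0))
    return {k: v for k, v in found.items() if v}


def recipients(msg) -> list:
    """All header-visible recipients from To/Cc/Bcc as lower-cased bare addresses."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def message_text(msg) -> str:
    """Concatenate the subject and every text/* part of a (possibly multipart) message."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True)
            if payload is not None:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def evaluate(raw_message: str) -> dict:
    """Policy decision for one message: BLOCK only if sensitive data goes to a non-allowed recipient."""
    msg = message_from_string(raw_message)
    findings = classify(message_text(msg))
    unauthorized = [r for r in recipients(msg) if r not in ALLOWED_RECIPIENTS]
    action = "BLOCK" if findings and unauthorized else "ALLOW"
    return {
        "action": action,
        "findings": findings,
        "blocked_recipients": unauthorized if action == "BLOCK" else [],
    }


# Constructed sample messages (not real data); 4111 1111 1111 1111 is a standard Luhn-valid test number.
BODY = (
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Patient SSN 078-05-1120, card on file 4111 1111 1111 1111.\n"
    "Decoys that must not trigger: 000-12-3456 and 1234 5678 9012 3456.\n"
)
INTERNAL_MAIL = "From: nurse@hospital.example\nTo: Records <records@hospital.example>\nSubject: Intake form\n" + BODY
LEAKED_MAIL = "From: nurse@hospital.example\nTo: friend@webmail.example\nSubject: Intake form\n" + BODY

if __name__ == "__main__":
    for name, raw in (("internal", INTERNAL_MAIL), ("external", LEAKED_MAIL)):
        print(name, evaluate(raw))
```

The two validation steps are what keep the false-positive rate tolerable: a bare `\d{3}-\d{2}-\d{4}` would flag the `000-12-3456` decoy, and a bare 16-digit pattern would flag `1234 5678 9012 3456`. A production gateway would also unpack attachments (Office documents, PDFs, archives), normalize encodings, and sit where it sees plaintext, but the classify-then-decide shape is the same.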

Consider a hypothetical: your company has had a breakthrough in engineering and now possesses a revolutionary invention whose secrecy is mandatory until the patent is granted. Communication about the invention over the channels the DLP system monitors can be controlled through classification and policy, keeping it from leaking into the marketplace before the patent is awarded.

Organizations of all sizes need to prevent the loss of their data. Whether the need stems from controlling intellectual assets or from meeting the compliance standards issued by regulators, DLP technologies address it in an automated fashion and help demonstrate due diligence.