All or nothing
One of the biggest misconceptions of DLP is that it is seen as an all or nothing project. It was assumed that businesses would have to categorise all of the company data at the start of the project, which could be very costly and take up a large portion of time with no results. This could and did lead to the failure of projects which ran longer and required larger costs than anticipated.
In fact the best approach to this problem is to start small and then expand the scope of the program as required. Identify and protect the most critical data first and then slowly expand the program. The secondary benefit of this is that the first successful implementation provides a business case for securing continued expansion, rather than pitching for a large upfront investment.
There are several methods and processes that DLP solutions use – this is a quick overview of some of the main ones. Data categorisation is used to determine which data needs heightened levels of security and what does not. As outlined above this process does not need to include all of your data, instead a small amount of critical files can be tracked which are then given extra levels of monitoring and protection. This system is useful as it provides a method for monitoring the use of crucial company information, and can quickly detect a misuse which can alert the IT team to a breach.
User profiling creates dynamic user profiles which can track regular activity and use this to detect when abnormal activity occurs which could suggest a breach. For example, if a member of the creative team only accesses the creative drive for months but then begins accessing the finance drive this can raise a red flag and the account can be investigated.
There are also other tools available such as tracking outgoing data and restricting access to critical files, but as with any good security program it is important that these are deployed in tandem with an education program. This will ensure that red flags are not raised accidentally by employees as these false alarms will have to be investigated and could lead to delays in spotting the real threats.
Business benefits from deployment
DLP solutions and data management tools bring broader business benefits beyond the security space, which can aid in making a strong case for their deployment. The visibility created over the movement of company data can aid you in determining the weaknesses in your system. It can also aid you in exposing erroneous business practices. A good example comes from a telco provider that installed a DLP solution and discovered more than 30 questionable processes which no one was aware of.
Gains can also be made when dealing with compliance regulation as there has been a recent increase in planned legislation for data protection within the UK, the EU and globally. For example, the proposed EU General Data Protection Regulation will see larger fines imposed on companies that suffer a breach compared to current regulations. DLP solutions can aid a company in compliance with this regulation, and also help with reporting breaches as it can track the destination of the data and determine the extent of the attack.
Adopting DLP solutions can also lead to a more flexible security environment which benefits employees. Traditional security solutions were designed to block data based on the source, destination and channel. This is an inflexible approach which does not take into account the modern dynamic of the web and social media. Employees want to be able to access social channels whilst at work, yet security teams are reluctant to allow this as it would be possible for sensitive files to be shared from personal email accounts.
However, DLP solutions make it possible to control what data is being shared, which allows the company to feel secure offering more flexibility in its security policies. Ultimately these additional benefits are secondary to the necessity of protecting critical company information; however, they are a useful addition for accurately demonstrating the benefits that a DLP solution can bring to a company.
It seems that barely a week goes by without yet another report appearing in the media about a high-profile leak of confidential data – and what makes it into the news only represents a fraction of all the incidents that occur, with many businesses hushing this up within the organisation. There is most definitely a need in most companies for an increase in awareness of threats and responsibility to protect business critical data.
This is the time for organisations to begin implementing, reviewing and enhancing security procedures. Do not wait for there to be a successful attack and to suffer the loss of revenue, customer trust, and the potential loss of critical data. Security requires constant vigilance and an active approach and this is growing more pressing as the world becomes more connected.
Organisations can benefit from DLP solutions in various ways and should view it as an investment. Organisations simply cannot overlook DLP technology and procedures – it is vital to protect sensitive data, and maintain the trust of your customers and your edge in the market.
- Lior Arbel is the CTO of Performanta Ltd