The Driver Behind This
Regulated and sensitive information can leave your environment quicker than you realize. Data loss prevention (DLP) systems can prevent this information from leaving your control in unauthorized manners. Whether that’s from an employee copying the information to take it so they can work from home or an adversary that has managed to infiltrate and embed in your environment – we’re talking about the insider threat. The ability to identify this information leaving your environment is crucial. This is being driven from a variety of regulatory and contractual requirements and you are on the hook to ensure the information you’ve been entrusted with is protected. It doesn’t matter if you’re talking about the information that has been provided by your customers, shared by your business partners or your own intellectual property – you must protect it. Being able to detect and respond plays a major role in supporting your claims of conforming with the relevant regulatory drivers, but also in the midst of responding to an incident where you have to know and get to ground truth on what data that you’re accountable for, left your organization.
Processes, Practices, and Activities That Address This Question
Before you can run, you must learn to crawl. To gain the greatest benefit and see value with a DLP system, you need to ensure a couple of things beforehand:
- You need to have a current and ground-truth data inventory – you need to know where your data is, who’s using it, why they need it and what they’re doing with it. You know where it’s supposed to be – but where else is it? If you don’t know, we’ll get to that in #3.
- You need to have a data classification and handling program established. The data needs to be appropriately tagged/identified so that the DLP system can identify what the information is and where it is and is not allowed to go to.
- DLP systems have a learning mode. Most of modern DLP systems can “crawl” through your environment and identify those unknown repositories. They can also sit in line on your network and inspect your network traffic, identifying traffic that appears to contain elements which warrant further analysis to decide on the criticality and sensitivity of the information it has identified.
- DLP is a technology that can be used to enforce the organization’s policies – to ensure that regulated or sensitive information is being handled properly.
- DLP is a technology but it is also a program that must be managed. This means you need not only the technology, but you need the right people and appropriate process in place to ensure success.
Common Pitfalls
- “Failing to establish a Data Classification and Handling, and by extension Data Loss Prevention, management program.” – You need to have a Data Classification and Handling program to enable the technology works as it’s intended.
- “Failure to properly tune the technology to the environment.” – It takes time and business representation (see previous pitfall).
- “Getting squeamish because of the amount of personal employee information you will see.” – I won’t lie or downplay it – you’re going to see some weird things. You’re going to learn more about your employees than you ever wanted to know. Therefore, ensuring you have the appropriate staff who can analyze and tune the system is important. While I won’t say that employees have an expectation of privacy (that’s based on jurisdiction), organizations need to be able to safeguard all the information they are entrusted with and ensure it’s not going outside of their control.
- “Afraid of being viewed or perceived as being ‘Big Brother’.” – I don’t want to sound like we’re saying everyone is Big Brother – but seriously, Facebook and Google track you’re your movements and search history. Siri and Alexa listen in on your conversations (Healthcare, legal – if you have an Amazon Echo or Dot, you may want to consider where it’s at when you’re having those confidential meetings – just saying). We live in a global society that surveils everything we do; from the food we buy to where we jog to what we stream to our TVs. You’re no more being Big Brother than anyone else.
Continued Reading