In the normal course of business, an organization might send many kinds of data across the network. These might include sensitive information such as Social Security numbers, credit card numbers, medical records, and much more. If this information is sent in the clear or is sent to unauthorized personnel, it raises a significant security concern. Preventing this kind of data leakage requires data loss prevention, commonly known as DLP. DLP stops or protects the data from being accessed by unauthorized parties.
What is DLP?
Data loss prevention (DLP), as defined by Gartner, is a technology which performs both content inspection and contextual analysis of data sent via messaging applications such as email and instant messaging, in motion over the network, in use on a managed endpoint device, and at rest in on-premises file servers or in cloud applications and cloud storage. These solutions execute responses based on policy and rules defined to address the risk of inadvertent or accidental leaks, or exposure of sensitive data outside authorized channels.
Thus, if the DLP observes any violation, it carries out its action plan using alerts, encryption, and other defensive actions to prevent end users from accidentally or maliciously sharing data that could put the organization at risk.
Technical Architecture of a DLP System
In an organization, data has many different sources and destinations. Hence, a DLP solution often needs to operate at multiple checkpoints along the data path in the network to keep data secure and avoid any leakage.
Endpoint: The first checkpoint for DLP security measures is the end-user system, where endpoint data loss prevention tools can be used to watch over the security of data and avoid any vulnerability.
Data in motion: The next possible point of data leakage is data sent over the network. This is known as data in motion, and it can be protected by DLP appliances placed on the network that constantly look for sensitive information. These appliances look for data such as Social Security numbers, bank details, and other information that shouldn’t be in the clear, thus ensuring data security.
Data at rest: The last checkpoint for DLP is the data stored in databases or files, also known as “data at rest”. To protect it, a DLP system sits at the database and file servers and makes sure that the data is not accessed by any unauthorized or malicious party.
DLP on the Cloud
As technology changes, organizations now store all their data in the cloud, which creates a requirement to protect data there. To meet it, cloud-based DLP solutions have been introduced for organizations. A cloud-based DLP works between the users and the internet, with every bit and byte of traffic passing through it. With this DLP functionality, no software or hardware has to be managed locally, and every activity is performed in the cloud. Implementing cloud-based DLP can also add other features to an organization’s security, listed below:
- An organization can create custom strings, looking for proprietary data or well-known types of data, in order to protect it from any data leakage.
- Using cloud-based DLP, organizations can also filter a particular URL that is accessible on the cloud.
- Cloud-based DLP can also block malware and prevent viruses from getting onto your systems.
DLP on an Email System
With phishing attacks increasing, organizations can also be attacked through their email systems, where a lot of traffic enters and leaves the organization. Thus, the majority of organizations track, monitor and filter each email coming into or going out of the system. This can be accomplished with a local appliance or by opting for cloud-based email filtering.
An inbound email DLP looks for specific keywords to block and tries to identify forged emails. Inbound email DLP can also quarantine emails that contain a certain type of data defined by the organization. Outbound email DLP is more specific: it can catch outbound wire transfers, W-2 information, and secure information such as Social Security numbers in emails.
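The content inspection and contextual analysis described above (Social Security numbers, card numbers and custom strings in outbound email) can be sketched as follows. This is an added example, not code from any DLP product: the patterns, the `example.com` internal domain, the custom strings and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
CUSTOM_STRINGS = ("w-2", "project bluebird")  # hypothetical organization-defined strings

def luhn_ok(digits):
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def ssn_ok(area, group, serial):
    """Reject ranges that are never issued: area 000/666/9xx, group 00, serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

def inspect(text):
    """Content inspection: return the kinds of sensitive data found in text."""
    findings = []
    if any(ssn_ok(*m.groups()) for m in SSN_RE.finditer(text)):
        findings.append("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.append("card")
    lowered = text.lower()
    return findings + ["custom:" + s for s in CUSTOM_STRINGS if s in lowered]

def verdict(raw_email, internal_domain="example.com"):
    """Contextual analysis: the same content is handled differently by destination."""
    msg = message_from_string(raw_email)
    findings = inspect(f"{msg.get('Subject', '')}\n{msg.get_payload()}")
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    external = not recipient.endswith("@" + internal_domain)
    if not findings:
        return "allow", findings
    return ("quarantine" if external else "alert"), findings

# Constructed sample messages (not real data).
LEAK = "From: hr@example.com\nTo: bob@partner.example\nSubject: W-2 copy\n\nSSN 123-45-6789, card 4111 1111 1111 1111\n"
BENIGN = "From: ops@example.com\nTo: bob@partner.example\nSubject: shipment\n\nTracking 1234567890123456, ref 000-12-3456\n"

if __name__ == "__main__":
    for name, raw in (("LEAK", LEAK), ("BENIGN", BENIGN)):
        print(name, verdict(raw))
```

The second message shows why the validators matter: it contains a 16-digit number and an SSN-shaped string, but neither survives the Luhn and issued-range checks, so it is not flagged.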
Benefits and Demand of DLP
With the increased risk to data security in organizations, enterprises are looking for ways to secure their data.
Gartner estimates that by 2021, 90% of organizations will have implemented at least one form of integrated DLP, up from 50% in 2017.
As identified in a report, there are 7 trends driving DLP adoption. They are as follows:
- The growth of the chief information security officer’s role: DLP provides clear business value and reports on data protection plans.
- Evolving compliance mandates.
- Expanded locations for protecting data.
- Increased data breaches.
- Cost of organizational data if compromised.
- Lack of expertise in identifying sensitive data.
- Security expert shortage.
DLP on a workstation may not just stop the transfer of data from the workstation, but can also prevent certain tasks from executing. An example is the event in which the United States Department of Defense was attacked through USB by the worm “agent.btz”. The worm propagated through the entire Department of Defense, which led to a ban on removable flash drives in the organization. Although this ban was lifted in February 2010, the department added very strict guidelines on using any removable devices on its systems in the future. Events like this have given DLP a significant role in the world of security.