Data Loss Prevention
& How to prevent Data Leakage
Today cybercriminals are more sophisticated, organized, and better funded than ever. All companies, in all sectors, face the threat of data theft. According to Gartner data, 50% of organizations already have some form of built-in DLP in place, a figure that will almost double to 90% by 2018. Companies not only need to protect corporate data, but must comply with regulations that require user data to be protected, data loss prevention, or DLP, can help them meet this dual goal.
There is
currently a significant gap between employees who care about data use and
policy management and those who do not, a gap that creates significant
challenges that are driving interest in DLP solutions.
One of the
challenges is the inability of many companies to enforce data usage and
handling policies. And it is that it is useless to have policies if in the
end they are not applied. In this sense, DLP solutions are designed to
prevent unauthorized users from sending confidential or unauthorized data
outside the corporate network.
The demand for DLP solutions has increased in recent years due to constant security breaches and a lack of employee training to keep data safe. On the other hand, we must not forget the impact of regulations such as GDPR, which promote data protection and penalize breaches. DLP solutions can help protect data at rest, in motion, and in use; they also take into account many channels through which the loss can occur, such as email, the endpoint, the network, etc .; they also help centralize and enforce policies to prevent data loss.
Such
challenges include classifying and labeling intellectual property files and
other sensitive business assets for the degree of confidentiality required, and
then using business rules to allow an administrator to control what information
users can transfer and how.
Cost of a Data Loss
Data
breaches are getting more expensive. This was revealed by a study by the
Ponemon Institute sponsored by IBM published last summer that determined that
the average cost of a data breach is 3.86 million dollars, 6.4% more than the
2017 report.
The
figure may be even higher since, according to the study, the average cost of a
breach in which one million records have been lost is nearly $ 40
million. If the affected data increased to 50 million, then the average
cost would be 350 million dollars,
By the way, there are factors that can
reduce the average cost of a lost record ($ 148), such as having an incident
response team, which would put the average cost at $ 14. The report also
found that large organizations have to deal with an average of 20 data
loss incidents each day. On the other hand, although DLP solutions
have multiple methods for detecting incidents, including regular expressions,
dictionary-based rules, and unstructured data, only 40% of respondents said
they use only one of these methods; and 5% said they did not know how the technology
works.
Most
companies only use DLP for email or similar applications, rather than covering
all the paths that data can be lost or leaked.
Another interesting piece of information from the report: 74% of those surveyed claimed to feel vulnerable to internal threats, 7% more than the data from the previous year. 56% attribute this feeling to the higher frequency of internal attacks, while 54% point to a growing number of devices with access to confidential data.
For the first time this year, the report examined
the effect of security automation tools that use artificial intelligence,
machine learning, analytics and orchestration to augment or replace human
intervention in identifying and containing a breach. The
analysis found that organizations that had extensively implemented automated
security technologies saved more than $ 1.5 million in the total cost of a
breach.
DLP also in the Cloud:
In
an as a Service and cloud-based business model, on-premise Data Loss Prevention
strategies are not enough to protect company data. It seems clear that as
more workers upload, store and share corporate data in private and public cloud
environments, organizations must face the realities of protecting the data that
user’s access from anywhere and at any time through a combination of approved
and unapproved devices in services with varying degrees of
security. Monitoring and controlling data that is stored in cloud services
and downloaded to devices outside of the company network has become critical
for CIOs and CISOs in today's environments.
The DLP market in 2017 was valued at 1,470 million dollars and is expected to achieve an average annual growth of 23.59% between 2018 and 2023 until reaching, at the end of the period, 5,240 million dollars. If we go to the cloud, the Cloud DLP market was valued at $ 740 million last year and is expected to reach $ 3.17 billion by the end of 2023, which means an average annual growth of 27.5%.
The
biggest challenge in protecting data in the cloud is that, unlike data stored
on a network, it is typically not located in one place. The data could be
stored in a number of locations, such as an enterprise cloud storage solution like
Amazon Web Services or even a Hadoop database, where the data is dispersed in
thousands of chunks. At least organizations are aware of those storage
locations.
To
implement an effective data loss prevention solution, security administrators
need to understand what cloud services employees are using and what type of
data they are sharing, as well as how and when.
And that brings us directly to the
makers of CASB, or Cloud Access Security Manager, as a way to find out
what is happening to your data in the cloud. The second option is the use
of APIs within the cloud application itself to inspect the data; it's a
simple option, but it only inspects the data once it reaches the cloud, leaving
it vulnerable while in transit.
Cloud
access security brokers (CASBs) began to appear about six or seven years ago to
give visibility to what was happening in the cloud. Businesses can run
CASB tools on-premises or in the cloud, and most integrate easily with existing
on-premises DLP
solutions. In this way, organizations don't have to start from
scratch, but simply extend their existing DLP to the cloud.
DLP Policies
To
monitor and control the flow of confidential data, DLP Solutions/ Tools
establish policies. A DLP policy contains one or more rules, consisting of
conditions, exceptions, and actions related to data, files, or messages to
detect and prevent data leaks. Through DLP policies, organizations can
define:
·
What
data can and cannot be sent, published, uploaded, moved or copied and pasted
·
Where
data can be transmitted
·
Who
can send and receive data
·
How
the data can be shared
Policies
tell the DLP tool what data to look for and when to act by defining content to
detect (for example, data type) as well as context (for example, file type,
file size, sender, or recipient). Thus, when a condition is detected, the
system reports a policy violation, initially considered an
incident. Policies may also exempt certain data or activities from meeting
the condition.
The
policies also instruct the DLP tool on how it should act to protect content
when a number of conditions are met. Different actions can be applied (log
the violation, notify the user, encrypt a file, lock the copy of the data to
the clipboard) depending on the level of risk.
A
DLP policy can apply to one or more data leak channels. It does not need
to be company-wide. It may be more appropriate to limit your application
to certain users, a group of users, or a geographic region. DLP policies can be
created using predefined templates or by creating custom policies. Most DLP Solutions/ Tools
provide a library of predefined policy templates to detect data that is subject
to regulatory requirements, such as GDPR or the Payment Card Industry Data
Security Standard.
Other
policy templates are more generic and designed for different use cases, such as
protecting certain types of sensitive data (for example, content classified as
"top secret", information related to oil drilling, or software design
documents) . The tools can also include policy templates to detect
acceptable use violations (for example, indecent images, profanity or racism)
and employee discontent (for example, the distribution of a resume).
Predefined policy templates should be customized to meet the specific needs of
an organization, providing a quick and easy starting point for implementing DLP
tools.
DLP's role in complying with GDPR
GDPR,
the data protection regulation of the European Union, has been mandatory since
May 25, and has been one of the drivers of the increase in the adoption of DLP
solutions.
One
of the principles that the legislation requires is the protection of personal
data, preventing them from being lost or leaking, being in use, moving or at
rest. With this in mind, it becomes clear that the Data Loss Prevention
market is on the front lines in helping companies comply with GDPR in a number
of ways.
First of all, DLP helps to know where
personal data is stored, which is one of the requirements of GDPR. Most DLP Solutions/ Tools
offer discovery services that allow the identification of the information and
its location, very useful in case of request by the data protection agency or
if a consumer wants to make use of the famous Right to be forgotten.
GDPR
also requires that the personal data collected is deleted when the purpose of
such collection has been completed. With the services mentioned in the
previous point, administrators will be able to delete personal data
remotely. So, in a generic way, administrators can control what personal
data remains on company networks and devices.
The
regulation also requires that it must be ensured that personal data is not used
for any other purpose outside of the services for which it was
designed. DLP solutions can help meet this requirement by monitoring data
in use, enforcing policies that restrict or block its transfer outside or
within the organization. As a consequence, users will no longer be able to
upload, copy, paste or print personal data.
GDPR introduced the concept of security by
design and holds companies
legally responsible for any loss or unauthorized use of the personal
information they collect. DLP solutions were built to prevent such
incidents.
Clearly,
DLP solutions
provide unparalleled insight into a company's data, allowing administrators to
set strict rules regarding specific sets of sensitive data. In the age of
GDPR, there are no excuses for companies to lose their data.
No comments:
Post a Comment