
Data Loss Prevention: Technologies for Preventing Information Leakage

 



There is no doubt that the ease with which ICT lets us process, store and transmit information also makes that information difficult to control; the clearest evidence is the leakage of information in digital media. This problem has been placed among the top four cybercrime trends this year, and it is regularly in the news, from the leak of the first four chapters of the new season of "Game of Thrones" to the theft of personal data from one of the most popular department stores in Mexico.

It seems that if the conditions are right, someone extracts or loses information that includes employment documents, databases with sensitive information, photographs or videos that the public can download in a matter of hours from the comfort of their personal device. 

INFORMATION LEAK

The main problem with information leakage is that the threats, vulnerabilities and poor security practices that lead to it occur in a wide variety of scenarios throughout the information life cycle: creation, processing, storage, transmission and disposal.

During the creation or acquisition of information, we forget to define what the rules for its use are going to be, thus starting the control problems. Who will have access? On what devices can it be stored? Who can it be transferred to? Can it be published? How long will it be useful? These are questions that we could ask ourselves at the moment of acquiring or creating said media, not only for employment information, but also for personal information.

The lack of control worsens in the next state of the information: storage. Today we have a wide variety of devices on which we can store files, and the bad practice is not keeping track of where they are stored. This is why information inventories, a practice that used to be exclusive to material goods, are in vogue in the workplace.

When we transfer, share or publish the information, we completely lose control of it; this is where the nightmare begins, because other people can misuse the contents: unauthorized copies, access by other people, personal emails, storage on mobile devices, in the cloud, on social networks, etc.

Last is the final state of the information (which we often forget): elimination. On the one hand, there is the little-used practice of secure erasure: what information could be obtained from our old USB sticks, from cell phones or from servers that companies decommission? On the other hand, there is the difficulty of eliminating the information once it has left our control environment, for example, when it is stored on the Internet.

The problem is too big for a definitive solution: it involves people, technology, legal aspects and management, and at the same time the precautionary measures must not discourage the agile use of the information.

WHAT IS DATA LOSS PREVENTION?

One of the strategies that companies are adopting most strongly is the use of Information Loss Prevention systems (own translation of Data Loss Prevention, DLP). It is called a system because it is a set of technologies that together prevent information leakage.

The fundamental principle of this set of techniques is based on a tool that is well known in the world of computer security: antivirus. The difference is that instead of looking for all the recognizable forms of a piece of malware, this system looks for patterns and signatures of the information that we consider sensitive.

Additionally, other DLP software components are distributed throughout the IT infrastructure (primarily desktop computers and network devices) to cover all information states and leak points.

The owner of the information can define if any file, database or some type of data in particular (such as the number of a credit card) should be analyzed and, where appropriate, blocked if it is transmitted by any means. These tools can be configured from the simplest and most agile classification (public or private) to the most complex scheme.

While the information is stored on one or more computers, the owner can carry out an exhaustive search (just as an antivirus would do when searching for malware on the computer) and discover how many copies of the information or of the same data are distributed across the technological infrastructure, and then proceed to organize, control or eliminate them. Can you imagine in how many documents, storage devices and old emails you have left a file with sensitive data?

Perhaps the most interesting functionality is the monitoring and blocking of any unauthorized attempt to transfer the protected data. This works with the same technology as a firewall, which stops an attack pattern, but in this case sensitive information is prevented from leaving if that is not allowed. For example, a user about to send a copy of the financial report to his personal email (to review it at home) will be stopped by the email client or browser; he will also be stopped when uploading it to the cloud, and his operating system will not allow him to store it on his USB memory, if so established.

For the user not specialized in computing, a Data Loss Prevention system may seem like just another means of control. That is why this type of mechanism needs to be accompanied by an important aspect: an informed awareness of why certain types of data will be protected in this way, be it due to legal implications (as in the case of the Federal Law on Protection of Personal Data) or because of their criticality for the business (as in the case of the leaked chapters of "Game of Thrones").

It is also important to emphasize that these types of systems require maintenance by specialized personnel and are not infallible: they can raise "false alarms" due to imprecise policy settings or incorrectly defined search patterns, which will cause more than one headache.
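The content inspection, transfer blocking and false alarms described above, as an added Python example (not code from any DLP product): a card-number pattern is confirmed with the Luhn checksum so that arbitrary digit runs are not flagged, and a per-channel policy decides whether the transfer may proceed. The channel names, the `POLICY` table and the sample texts are assumptions constructed for this illustration.

```python
import re

# Candidate pattern: 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_numbers(text: str, validate: bool = True) -> list:
    """Return masked matches; with validate=False every digit run is flagged."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not validate or luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

# Hypothetical policy: which channels may carry content classified as sensitive.
POLICY = {"corporate_email": "allow", "personal_email": "block",
          "cloud_upload": "block", "usb": "block"}

def decide(channel: str, content: str) -> str:
    """Clean content passes anywhere; sensitive content only where policy allows."""
    if not find_card_numbers(content):
        return "allow"
    return POLICY.get(channel, "block")  # unknown channels fail closed

# Constructed samples: 4111 1111 1111 1111 is a widely used test card number;
# the order reference is a 16-digit run that fails the Luhn check.
REPORT = "Q3 refund for card 4111 1111 1111 1111, approved."
ORDER = "Order reference 1234567890123456 shipped."

if __name__ == "__main__":
    for channel in ("corporate_email", "personal_email", "usb"):
        print(channel, "->", decide(channel, REPORT))
    print("pattern only:", find_card_numbers(ORDER, validate=False))
    print("with Luhn:   ", find_card_numbers(ORDER))
```

With the pattern alone, the order reference is reported as a card number; adding the checksum removes that false alarm while the real card number in the report is still caught.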

However, as I mentioned at the beginning of this article, information leakage is one of the biggest trends in security. With the improvement of these technologies and their integration with others such as DRM, the problem should be considerably reduced. Do you think that one day this technology will be commonly used by home users on their computers and mobile devices, as antivirus and personal firewalls came to be?

 
