Most organizations hold some kind of sensitive data on consumers, business partners, regulators and stakeholders, and can suffer a variety of consequences if a data security breach occurs. These consequences can range from financial to reputational damage, depending on the type and level of data loss. Data loss prevention (DLP) is a key element of any IT strategy, and data loss is usually divided into two major categories:
– Leakage: a loss of confidentiality in which sensitive data is no longer under the control of the organization. Examples include hacked customer databases used for identity theft. In one of the largest single attacks of this type, hackers stole 130 million credit card records from one of the world’s largest payment processors;
– Damage or Disappearance: data is either corrupted or lost. In 2009, a major mobile phone service provider in the US suffered widespread loss of customer data due to the failure of third-party cloud-based storage.
Following the recent high-profile data loss in the Irish banking sector, management teams are carefully examining the different prevention mechanisms and asking whether they are adequate for their organisational needs.
Data Loss Modes:
Data exists mainly in the following three states:
– Data at rest: resides in file systems, large central data stores and databases;
– Data at endpoints: resides at network endpoints such as USB, laptops, external devices, archived tapes and CD/DVDs;
– Data in motion: data that moves through the network to the outside world via email, FTP, instant messaging and peer-to-peer.
An effective DLP approach should have the following capabilities:
– Manage: Define enterprise data usage policies, report data loss incidents, and establish incident response capability to take accurate measures;
– Discover: Define sensitive data, create an inventory and manage data clean-up;
– Monitor: Monitor the use of sensitive data, understand sensitive data usage patterns, and establish enterprise visibility across all data breaches;
– Protect: Enforce security policies to proactively secure data and prevent its potential loss or damage across the network endpoints, storage and intermediate devices.
To develop these capabilities, some of the main measures include:
– Integrated Computer Security Management: A firewall integrated with an IDS can be configured to monitor the status of controlled devices;
– Instant Message Scanning: IM scanning should be implemented to detect transfer of sensitive data or malicious information;
– Content license migration without license reacquisition: Migration of any content should be governed by a content migration section that sets the conditions under which the content can be accessed or transferred;
– Mobile Access devices: Mobile access devices should connect to the portal web server via secured interfaces;
– Disaster Recovery Centers: Large enterprises with huge data requirements always have a disaster recovery center, where backups of the primary databases are replicated to a different physical location;
– SaaS (Software as a Service): SaaS-based DLP mechanisms are being implemented for limited DLP deployments. With the rise of cloud computing, new SaaS-based solutions for larger DLP deployments are in the pipeline. SaaS-based DLP mechanisms provide email security, content discovery, and web filtering and monitoring.
Data security and integrity protection are key requirements for IT management. With advancements and continuous upgrading of IT infrastructure, and with threat levels growing on a daily basis, solutions for DLP are becoming more complex and are increasing in priority within organizations.