It's no secret that security breaches are on the rise, and business security defences are under scrutiny as a result, with many seemingly unprepared organisations out there (last year, an Ernst and Young report highlighted the deficit in IT security with only 4% of the 1,900 executives interviewed reporting that they had sufficient cyber-security defence measures in place).
As a result, more than ever, governments and businesses are being fined for data breaches which could and should have been avoided. But what steps can IT managers take within businesses or departments to ensure their data is protected, and how can they convince the board that each solution is worth the investment?
Businesses today are turning to Data Loss Prevention (DLP) solutions to protect business critical data for a variety of reasons, but all with three common objectives: to increase productivity, assert control over data, and facilitate cost savings. DLP is now undoubtedly a necessary and business critical part of a modern company's IT infrastructure.
This article will offer some insight into several aspects of DLP solutions starting with some common misconceptions, an overview of the different types of DLP processes, and of the business benefits gained from deployments.
An outdated approach
For many years the information security market focused on protecting an organisation's network from the internet. The assumption was that all incoming traffic from the internet is potentially dangerous and needs scanning. Outgoing data, by contrast, was usually left untracked. Companies believed they could protect themselves from incoming threats and therefore none of the outgoing data was at risk unless there was information proving otherwise.
This presents a large problem: if one attack is successful, it could spread throughout the network, targeting critical data. As the major point of hacking is to steal information, that information still has to leave the network, which is when the theft can be detected. Critically, a DLP solution can expose sensitive data in transit, in use and at rest.
For example, if an attacker who has breached the network is sending a file out, his programs likely use a different encryption method to the server standard. By tracking the encrypted data, its destination can be discovered, which allows a company to determine the appropriate response, i.e. legal proceedings.
Demands business input
DLP solutions are deeply entwined with the business process and therefore need business engagement. Any legacy issues with DLP were due to a lack of data education and strategy. When DLP was originally developed, people thought that it could be treated like Intrusion Detection Systems (IDS) and be given to the IT teams as a data loss solution. However, due to the nature of DLP, it requires business input to determine what data is critical.
New hybrid approaches, where both the business and the security teams work on the DLP system, have led to some very successful implementations. As a result, organisations can rectify security issues by giving the business visibility of information that leaves the organisation, as well as creating a greater awareness of some of the bad business processes operating within the company.
Data denial
DLP solutions provide greater visibility; this has not always been a desirable quality in business. In the past there was an attitude – especially in some smaller companies – that if you weren't looking for a breach then you couldn't discover one, and therefore you wouldn't have a legal obligation to report it or suffer legal repercussions as you could not have known.
This attitude is becoming increasingly unacceptable, and the costs of a hacking scandal are far greater than just the fear of being fined. Take for instance the QinetiQ scandal, where it was revealed that there had been a leak on the QinetiQ server for three years and some of the firm's intellectual property was stolen. This not only cost them revenue, as some of their competitors obtained their blueprints and were able to produce equivalent technology, but also inflicted reputational damage.
All or nothing
One of the biggest misconceptions of DLP is that it is seen as an all or nothing project. It was assumed that businesses would have to categorise all of the company data at the start of the project, which could be very costly and take up a large portion of time with no results. This could and did lead to the failure of projects which ran longer and required larger costs than anticipated.
In fact the best approach to this problem is to start small and then expand the scope of the program as required. Identify and protect the most critical data first and then slowly expand the program. The secondary benefit of this is that the first successful implementation provides a business case for securing continued expansion, rather than pitching for a large upfront investment.
DLP methods
There are several methods and processes that DLP solutions use. This is a quick overview of some of the main ones.
Data categorisation is used to determine which data needs heightened levels of security and which does not. As outlined above, this process does not need to include all of your data. Instead, a small number of critical files can be tracked and given extra levels of monitoring and protection. This system is useful as it provides a method for monitoring the use of crucial company information, and can quickly detect misuse, which can alert the IT team to a breach.
User profiling creates dynamic user profiles which track regular activity and use it to detect abnormal activity that could suggest a breach. For example, if a member of the creative team only accesses the creative drive for months but then begins accessing the finance drive, this can raise a red flag and the account can be investigated.
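The user-profiling check described above, as an added example that is not from the article or from any DLP product: each user's drive accesses build a profile, and an access to a drive that is rare or absent in that user's own history is flagged. The user names, drive names, thresholds and log entries are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

MIN_HISTORY = 20   # events needed before a profile is trusted (assumed value)
RARE_SHARE = 0.02  # drive seen in under 2% of past events is unusual (assumed)
START = date(2015, 1, 1)

def build_sample_log():
    """Constructed sample data, not real logs: (day, user, drive) tuples."""
    log = []
    for i in range(60):
        day = START + timedelta(days=i)
        log.append((day, "amy", "creative"))                    # creative team
        log.append((day, "bob", "finance" if i % 3 else "hr"))  # two regular drives
    log.append((START + timedelta(days=60), "amy", "finance"))  # the deviation
    log.append((START + timedelta(days=61), "amy", "finance"))
    log.append((START + timedelta(days=61), "cat", "finance"))  # new starter
    return log

def detect_anomalies(events, min_history=MIN_HISTORY, rare_share=RARE_SHARE):
    """Return events that deviate from the user's own access history."""
    profiles = defaultdict(Counter)  # user -> drive -> access count
    alerts = []
    for day, user, drive in sorted(events):
        profile = profiles[user]
        total = sum(profile.values())
        # Only judge users whose profile has enough history to mean something.
        if total >= max(min_history, 1) and profile[drive] / total < rare_share:
            alerts.append((day.isoformat(), user, drive))
            continue  # hold flagged events out of the baseline until reviewed
        profile[drive] += 1  # dynamic profile: normal activity keeps updating it
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(build_sample_log()):
        print("ALERT", *alert)
```

Flagged events are kept out of the baseline so that repeated abnormal access does not become "normal" before someone has reviewed it; the new starter is not flagged because there is no history to compare against.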
There are also other tools available, such as tracking outgoing data and restricting access to critical files, but as with any good security program it is important that these are deployed in tandem with an education program. This will ensure that red flags are not raised accidentally by employees, as these false alarms will have to be investigated and could lead to delays in spotting the real threats.
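Data categorisation and outgoing-data tracking from this section can be combined by fingerprinting only the few files classed as critical and checking outbound content against those fingerprints. The following is an added example, not code from the article or from any DLP product; it uses word-window hashing as one common way to catch partial copies, and the document text, labels, window size and threshold are constructed assumptions.

```python
import hashlib
import re

K = 5  # words per fingerprint window (assumed size)

# Constructed sample texts, not real documents.
CRITICAL_DOC = (
    "Project Falcon pricing sheet. Tier one customers receive a discount of "
    "eighteen percent on all annual contracts. Tier two customers receive "
    "twelve percent. Floor price per seat is forty two pounds."
)
LEAK_MAIL = (
    "hi, as promised:\nTIER ONE customers receive a discount of eighteen "
    "percent on all annual contracts -- tier two customers receive twelve "
    "percent. talk soon"
)
BENIGN_MAIL = "Hi team, the tier one customers meeting moves to Friday."

def shingles(text, k=K):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }

class CriticalDataRegistry:
    """Holds fingerprints only for the few documents categorised as critical."""

    def __init__(self):
        self._prints = {}  # label -> set of shingle hashes

    def register(self, label, text):
        self._prints[label] = shingles(text)

    def scan_outbound(self, content, threshold=0.3):
        """Return {label: fraction of the document found in outbound content}."""
        outbound = shingles(content)
        hits = {}
        for label, prints in self._prints.items():
            overlap = len(prints & outbound) / len(prints) if prints else 0.0
            if overlap >= threshold:
                hits[label] = round(overlap, 2)
        return hits

def demo():
    registry = CriticalDataRegistry()
    registry.register("falcon-pricing", CRITICAL_DOC)
    return registry.scan_outbound(LEAK_MAIL), registry.scan_outbound(BENIGN_MAIL)
```

Because only hashes of the registered documents are stored, the registry itself does not hold a readable copy of the critical data, and the benign mail that merely shares a few words with the pricing sheet produces no hit.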
Business benefits from deployment
DLP solutions and data management tools bring broader business benefits beyond the security space, which can aid in making a strong case for their deployment. The visibility created over the movement of company data can aid you in determining the weaknesses in your system. It can also aid you in exposing erroneous business practices. A good example comes from a telco provider that installed a DLP solution and discovered more than 30 questionable processes which no one was aware of.
Gains can also be made when dealing with compliance regulation, as there has been a recent increase in planned legislation for data protection within the UK, the EU and globally. For example, the proposed EU General Data Protection Regulation will see larger fines imposed on companies that suffer a breach compared to current regulations. DLP solutions can aid a company in compliance with this regulation, and also help with reporting breaches as they can track the destination of the data and determine the extent of the attack.
Adopting DLP solutions can also lead to a more flexible security environment which benefits employees. Traditional security solutions were designed to block data based on the source, destination and channel. This is an inflexible approach which does not take into account the modern dynamic of the web and social media. Employees want to be able to access social channels whilst at work, yet security teams are reluctant to allow this as it would be possible for sensitive files to be shared from personal email accounts.
However, DLP solutions make it possible to control what data is being shared, which allows the company to feel secure offering more flexibility in its security policies. Ultimately these additional benefits are secondary to the necessity of protecting critical company information; however, they are a useful addition for accurately demonstrating the benefits that a DLP solution can bring to a company.
Conclusion
It seems that barely a week goes by without yet another report appearing in the media about a high-profile leak of confidential data – and what makes it into the news only represents a fraction of all the incidents that occur, with many businesses hushing this up within the organisation. There is most definitely a need in most companies for an increase in awareness of threats and responsibility to protect business critical data.
This is the time for organisations to begin implementing, reviewing and enhancing security procedures. Do not wait for there to be a successful attack and to suffer the loss of revenue, customer trust, and the potential loss of critical data. Security requires constant vigilance and an active approach and this is growing more pressing as the world becomes more connected.
Organisations can benefit from DLP solutions in various ways and should view them as an investment. Organisations simply cannot overlook DLP technology and procedures – it is vital to protect sensitive data, and maintain the trust of your customers and your edge in the market.
- Lior Arbel is the CTO of Performanta Ltd
from TechRadar: All latest feeds http://ift.tt/1KRlHc7