Strictly speaking, data “loss” can be due to machine failure, power failure, data corruption, data or media theft, etc., and the means of protection are backups, disaster recovery strategies and redundancy.
Though the “L” in the acronym DLP is used to represent either “Loss” or “Leak”, as the term is understood in the industry it is really about “leak”: sensitive data crossing from an authorized area into an unauthorized area through various leak vectors.
DLP is more of a concept or strategy with functional sub-components (e.g. email scanning, encryption of data at rest and so on). These components are used to enforce the strategy outlined by policy statements. Such policies can be:
- Acceptable use policy (AUP)
- Data sharing on detachable/portable media policy
- Data classification policy, etc.
However, there are DLP tools which claim to handle all functionalities of a DLP strategy, and therefore some technologists believe that DLP is implemented just by deploying such tools. This is grossly wrong. DLP is more about strategy, awareness and training plus the technology. Data leaks more often than not happen due to poor employee discipline or awareness.
DLP addresses three areas:
- Data at rest, e.g. data in databases, data on the drive of a laptop or USB storage
- Data in transit, e.g. emails or web forum postings, uploads to cloud, data on the network
- Data in use, e.g. file copy or print operations
The possible responses to a detected policy violation are:
- Quarantine
- Encrypt
- Block
- Notify
DLP tools are deployed at endpoints, email gateways and network gateways (for URL filtering).
The sub-functions or processes of a DLP tool are:
- Monitor
- Detect
- Prevent
For data at rest, data discovery (discovery scanning) is used. Pattern matching or string comparison is used for structured data; hashing is generally used for unstructured data.
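The two detection techniques named above, as an added example that is not part of the original page: structured data is found by pattern matching (with a Luhn check so that a random run of digits is not reported as a card number), and unstructured data is found by hashing. Rather than one hash of the whole registered file, this version hashes overlapping five-word windows, so an excerpt pasted into another document still matches; that generalizes the single-hash case. The findings are then mapped onto the quarantine/encrypt/block/notify responses listed earlier (here only block/notify/allow). All patterns, the registered document and the sample inputs are constructed for the example, and the function names are the example's own.

```python
import hashlib
import re

# --- Structured data: pattern matching -------------------------------------
# Patterns are constructed for this example. A bare digit-run pattern is noisy,
# so a card-number candidate is only reported if it passes the Luhn checksum.
PATTERNS = {
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_structured(text: str) -> list[tuple[str, str]]:
    """Return (label, matched_value) pairs for structured data found in text."""
    findings = []
    for label, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            if label == "card_number" and not luhn_ok(re.sub(r"[ -]", "", value)):
                continue        # digit run that is not a valid card number
            findings.append((label, value))
    return findings


# --- Unstructured data: hash fingerprinting --------------------------------
# A registered document is reduced to SHA-256 hashes of overlapping k-word
# windows ("shingles"), so an excerpt copied into an email or a different file
# format still matches. A single whole-file hash would miss that.
def _words(text: str) -> list[str]:
    return re.findall(r"[a-z0-9]+", text.lower())


def shingle_hashes(text: str, k: int = 5) -> set[str]:
    words = _words(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


def fingerprint_score(text: str, index: set[str], k: int = 5) -> float:
    """Fraction of the scanned text's shingles that belong to registered content."""
    hashes = shingle_hashes(text, k)
    if not hashes:
        return 0.0
    return len(hashes & index) / len(hashes)


# --- Putting it together: monitor -> detect -> prevent ---------------------
def scan(text: str, index: set[str], threshold: float = 0.5) -> dict:
    """Classify one piece of content and map it to a DLP response action."""
    structured = find_structured(text)
    score = fingerprint_score(text, index)
    if structured or score >= threshold:
        action = "block"        # definite sensitive content: stop the transfer
    elif score > 0:
        action = "notify"       # weak fingerprint overlap: alert for review
    else:
        action = "allow"
    return {"structured": structured, "fingerprint_score": score, "action": action}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    registered = ("Project Falcon merger terms: the acquisition price is "
                  "twelve million dollars, payable in two tranches.")
    index = shingle_hashes(registered)
    samples = [
        "card 4111 1111 1111 1111 exp 12/26 ssn 123-45-6789",
        "The ACQUISITION price is twelve million dollars!",
        "lunch menu for friday is pizza and salad",
    ]
    for sample in samples:
        print(scan(sample, index))
```

The threshold and the k-word window are tuning knobs: a smaller window catches shorter excerpts but raises false positives on common phrases, and the notify band exists so that a reviewer sees partial overlaps instead of the tool silently blocking them.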
A checklist:
- Policies and user awareness campaigns.
- Encryption for data at rest and in transit.
- File shares mapped with access rights.
- Consolidation of inventories.
- Control of external HDDs and USB storage devices (mobile and portable storage devices).
- Disabling of all USB ports for USB storage devices.
- Disabling of all unwanted built-in DVD readers/writers.
- Air-gap maintenance for disconnected networks.
- Secure file deletion policies and procedures.
- Access controls on laptops and full disk encryption.
- Use of VLANs.
- Consolidation of file servers.
- Strict data classification policies.
- Data retention policies; destruction of old and unwanted data files.
- Deploying an RMS/DRM/IRM solution.
- PKI-based email.
- Effective identity provisioning and management.
- Content and gateway screening.