Need of the hour, DLP.
Data Loss Protection is the practice followed to restrict movement of data outside the organisation and is highly recommended to avoid misuse of proprietary information or other sensitive material.
Loss protection software keeps end users from leaking data, whether intentionally or by mistake, by monitoring, detecting and blocking exfiltration of critical information.
The terms “data loss” and “data leak” are quite similar but have distinct technical meanings. Data loss refers to data that has simply been misplaced and may or may not be recovered, while data leak implies transfer of data from one sector to another or even outside the organisation. Another, less common, manipulation technique is data hiding, where access to a certain block of data is exclusive and controlled.
Data leakage can be minimised but it cannot be eliminated completely, so the use of Data Leak Protection software is suggested.
Systems of record such as those of the HR, ERP and CRM departments are at high risk of data attacks because they store huge amounts of employee and customer information which is otherwise not easily extractable. Once you have prioritised which sector of your organisation is under threat, proper implementation of DLPs takes place. DLPs can be further classified as:
It includes general firewalls and antivirus software, which hinder the inward approach of external elements with malicious properties, thereby eliminating intruding clients from the premises.
As the name suggests, methods used under this segment have advanced capabilities such as machine learning and activity monitoring to spot abnormal exchanges across endpoints and clients.
Designated DLPs monitor and control the data activities of ‘officials with authorised access’ to critical data by using algorithms such as data matching, statistical methods, rule and regular-expression matching, and conceptual keywords and definitions.
The operation of a DLP program proceeds in a number of stages and starts with documenting a monitoring policy for the functioning of the DLP. This policy states what kind of data is to be considered critical and what action is to be taken when a breach is attempted. It is followed by a comprehensive scan of all the stored data in order to locate sensitive components and safeguard them. This scan results in a statistical report that pinpoints the data at risk and states the protocol to protect it.
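The policy, scan and report stages described above, as an added example that is not from the original article or from any DLP product: a constructed policy combines regular-expression rules, a Luhn checksum validator and keyword matching, and the scan returns per-document hit counts with the strictest action. The category names, actions and sample documents are assumptions made for the illustration.

```python
import re
from collections import Counter

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum, used to discard digit runs that only look like card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
                for i, d in enumerate(reversed(digits)))
    return 13 <= len(digits) <= 19 and total % 10 == 0

# Constructed monitoring policy (assumed names): category -> (rule, validator, action).
POLICY = {
    "payment_card": (re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), luhn_ok, "block"),
    "email_address": (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), None, "alert"),
    "keyword": (re.compile(r"\b(?:confidential|internal only)\b", re.I), None, "alert"),
}
SEVERITY = {"alert": 1, "block": 2}

def scan(documents: dict) -> dict:
    """Return {name: {"hits": Counter, "action": str}} for documents with findings."""
    report = {}
    for name, text in documents.items():
        hits, action = Counter(), None
        for category, (rule, validator, rule_action) in POLICY.items():
            matches = [m.group() for m in rule.finditer(text)]
            if validator:  # keep only matches that survive the checksum
                matches = [m for m in matches if validator(m)]
            if matches:
                hits[category] = len(matches)
                if action is None or SEVERITY[rule_action] > SEVERITY[action]:
                    action = rule_action  # strictest action wins
        if hits:
            report[name] = {"hits": hits, "action": action}
    return report

# Constructed sample data standing in for stored files.
SAMPLE = {
    "crm_export.csv": "name,email,card\nA. Rao,a.rao@example.com,4111 1111 1111 1111\n",
    "order_ids.txt": "Order 1234 5678 9012 3456 shipped\n",  # 16 digits, fails Luhn
    "memo.txt": "CONFIDENTIAL: Q3 pricing, internal only.\n",
}

if __name__ == "__main__":
    for name, finding in scan(SAMPLE).items():
        print(name, dict(finding["hits"]), finding["action"])
```

The order-number file is left out of the report because its 16-digit run fails the checksum, which is the kind of false positive a pattern-only rule would raise.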
The data identified as critical is now categorized as:
- At rest
- In use
- In motion
The longer a block of data is left untouched, the higher the risk of its content being accessed by unauthorised personnel.
It targets the commands to cut, copy, paste or screenshot, i.e. the content a user is interacting with. Through these, an employee may inadvertently direct the data to an unauthorised location.
Data being transmitted across a network is said to be in motion. It can be targeted via both external and internal networks.
Data Leak Protection programs are of two types, (1) Network and (2) Endpoint, based on the location they are deployed at. As obvious as it sounds, a network DLP is installed at data egress points to analyse network traffic and detect information transmitted against the security policy, while endpoint DLPs are installed to control the flow of data across end devices, between users or a group of users. Though complex to maintain, endpoint DLPs are better than the conventional network DLPs and are proportionately expensive too.