Developing and Assessing your DLP Strategy (Part 2)


Number: IRCAR201510276

Date: 2015-10-

Policies, Programs, Practices and People

Your data loss and data leakage prevention strategy will revolve around four major components (all of which just happen to start with a P, which makes it a little easier to remember):

· Policies. Before you can implement a system for enforcement of data loss and data leakage prevention, you have to determine what to enforce. Some organizations look first at DLP software solutions, but I put policies as the first step because unless you know specifically what you want to accomplish with your DLP solution, it’s difficult to evaluate the different packages and know which one(s) can best handle your needs.

· Programs. Data loss and data leakage prevention software can take many forms. Some vendors attempt to provide an all-in-one turn-key solution. DLP can also be accomplished by the implementation of different solutions at different layers – network edge, server, endpoints – and a comprehensive DLP strategy is likely to include a number of solutions working together.

· Practices. Best practices can make or break the effectiveness of your DLP solution. This refers to how your DLP solution is architected, configured and managed.

· People. The human factor is always present in any security-related issue, and data loss/data leakage prevention is no exception. The people involved include your end users who legitimately have access to your data, unauthorized users whose intent it is to access your data (both insiders and outside attackers), and you and the other network administrators and security professionals who are tasked with protecting that data, along with your organization’s managers and executives and perhaps directors who make decisions that impact your DLP strategy.

Now we’ll look at each of the above components in more detail.

Policies: The Foundation of your DLP Strategy

The creation of your DLP policies is the two-part process of deciding the rules that will govern the detection of sensitive information and the implementation of controls to protect it when it is detected.

For example, you might want to identify the following types of information as sensitive/personal information, the privacy of which must be protected (by law, if you operate in certain regulated industries):

· Driver’s license numbers

· National ID card numbers

· Passport numbers

· Health services/medical account numbers

· Credit and debit card numbers

· Employer Taxpayer identification numbers

· Bank account numbers

· IP addresses

These are just a few of the types of numerical information that constitute sensitive personal data, the transmission of which outside your network you might logically want to restrict or at least monitor. But how do you identify these and differentiate them from other, non-sensitive strings of numbers?

That’s where DLP software comes in.

Programs: To Detect and Protect

A good DLP solution will include software that can check for patterns indicating that the types of information for which you’ve set up monitoring have been detected. It will be usable in either of two modes:

· Monitor and alert mode. The software will scan for sensitive data that is in danger of being exposed and will notify you.

· Enforcement mode. The software will apply rules that you specify to block or remove sensitive data that is being sent or shared in violation of the policies you have set.

The software can identify sensitive information in a couple of different ways. The rules for detecting well-defined information types such as social security or credit card numbers are relatively simple. It’s more difficult to identify, for example, a particular type of company document that you want to protect, such as the company’s financial statement. In that case, the software would evaluate the entire document and look for a group of pattern types instead of just one.
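The sketch below is an added example, not code from the original article or from any DLP product. It shows how a pattern rule plus a checksum separates card numbers from other digit strings, how a document-level rule looks for a group of patterns, and how monitor and enforcement modes differ. The pattern names, the redaction marker and the sample message are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optional single space/hyphen separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # common written SSN form
# Hypothetical pattern group standing in for a "financial statement" rule.
FIN_PATTERNS = [re.compile(p, re.I) for p in
                ("balance sheet", "net income", "cash flow", "total liabilities")]

# Constructed sample message; the first number is an order id, not a card.
SAMPLE = ("Order 1234567890123456 shipped. "
          "Card 4111 1111 1111 1111, SSN 078-05-1120.")


def luhn_ok(digits):
    """Luhn checksum: tells card numbers apart from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, start, end) for each match that passes validation."""
    hits = [("card", m.start(), m.end()) for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]
    hits += [("ssn", m.start(), m.end()) for m in SSN_RE.finditer(text)]
    return sorted(hits, key=lambda h: h[1])


def is_financial_statement(text, min_patterns=3):
    """Document-level rule: several distinct pattern types must co-occur."""
    return sum(1 for p in FIN_PATTERNS if p.search(text)) >= min_patterns


def apply_policy(text, mode="monitor"):
    """'monitor' reports findings only; 'enforce' also redacts them."""
    hits = find_sensitive(text)
    if mode == "enforce":
        for kind, start, end in reversed(hits):  # right to left keeps offsets valid
            text = text[:start] + f"[REDACTED {kind}]" + text[end:]
    return text, [kind for kind, _, _ in hits]


if __name__ == "__main__":
    print(apply_policy(SAMPLE, "enforce")[0])
```

The 16-digit order id matches the card pattern but fails the checksum, so it is neither reported nor redacted, which is the kind of false positive a bare digit-count rule would raise.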

Good DLP software will allow you to customize the built-in sensitive information types. This allows you to apply policies that are specific to your organization or to a particular set of regulatory rules. Depending on the DLP software, writing your own policy templates may or may not require some programming skill.

Your DLP software should be able to scan and inventory all of the different types of data in different locations that we discussed in Part 1 of this series. If your organization stores some or all of its data in the cloud, your DLP solution must be able to detect and protect sensitive information both on local systems and in the cloud. Two of the most common points of data loss or leakage are web sites and email.

Part of what makes this difficult for DLP software (and security in general) is that employees today, thanks to BYOD and cloud services, enjoy a very fluid online environment in which work and personal lives are intertwined. Many employees use their personal email accounts in addition to their official corporate accounts when sending work-related messages to colleagues. These are often web mail accounts such as Gmail, Hotmail/Outlook.com or Yahoo mail, which can further complicate your DLP efforts.

Your DLP software should be able to detect sensitive data sent via SMTP, HTTP, HTTPS, NNTP, FTP, IM, and so forth, as well as custom protocols (identified by port). Good DLP software will be able to block messages containing sensitive data and/or remove sensitive data from web sites.

Of course, in today’s litigious business world, detecting and protecting is not enough. Your DLP software must also be able to provide you with documentation of the actions that it takes. Logging and reporting is an increasingly important feature in all security-related software. You need to be able to generate reports in various formats to allow you to review incidents and remediate risks based on analytics.

Finally, your DLP software should integrate with your other security solutions for optimum protection and performance. For example, it needs to be able to integrate with your backup software to scan backups for sensitive data, with your endpoint protection software, your mobile device management software and so forth.

References:

http://www.windowsecurity.com/


Added 20 Mehr 1394

Rate

Your rate:
Total: (0 rates)