Developing and Assessing your DLP Strategy (Part 1) - section 1

Number: IRCAR201508269

Date: 2015-08-21



As IT security professionals, we spend a great deal of time worrying about how to secure the infrastructure, operating system and applications, but when it comes right down to it, in the end it’s all about the data. An OS or app can be reinstalled and will be good as new – albeit with administrative overhead and possible temporary loss of productivity – but lost data may be irreplaceable and in some cases its loss or exposure can have severe ramifications for your business.

That’s why DLP (Data Loss Prevention or Data Loss Protection, depending on the source) has turned into a whole security subset of its own. Of course, DLP ties into other security areas such as regulatory compliance and protection of trade secrets. In this multi-part article, we will discuss how your organization can develop an effective DLP strategy and/or how to assess your existing policy for holes that might need to be plugged.

The challenge of developing an effective DLP policy

Developing an effective DLP policy with broad coverage is especially challenging because data comes in so many different forms: word processing documents, spreadsheets, email communications, database entries, XML files, chat logs, proprietary formats created by custom line of business applications, and even graphics files. Then there are multiple methods by which that data can be lost, including but not limited to the following:

  • Hack attacks from outside the local network
  • Physical access to the local network by outsiders through social networking
  • Deliberate insider data theft (corporate espionage, disgruntled employees, contractors, etc.)
  • “Hacking the cloud” (if you store your data there)
  • Interception of data in transit between one network and another or one endpoint and another
  • Physical loss or theft of mobile devices
  • Accidental leakage from inside the local network by authorized persons

All of these variables make it particularly important that your DLP strategy be multi-layered and that it be reassessed frequently to ensure that methods of loss haven’t been overlooked or new ones introduced by changes to your network infrastructure and configuration (for example, a move to the cloud). Effective DLP is unlikely to be accomplished by a single turn-key solution, but will require a combination of security mechanisms to protect data in various locations and at various stages of creation, use, transit and storage.

DLLP: data loss and leakage

In fact, the most comprehensive strategy might be more accurately referred to as DLLP, or Data Loss and Leakage Prevention. Many IT professionals lump data loss and data leakage into the same basket; the two are related, but there is a key difference. Data loss is what it sounds like: the data is either destroyed or taken away and you no longer have access to it. Data leakage is more insidious (and thus it can be more difficult to detect): the data is exposed or disclosed to persons who are not authorized to have access to it, but it is still left intact in its original location.

Thieves who only want to utilize the information in the data (for example, to use personal credit card information of your customers for identity theft, or to sell information regarding your company’s trade secrets to your competitors) would typically steal copies of the data and leave the originals alone so that you would not immediately be alerted to the fact that there had been a breach.

On the other hand, attackers who want to disrupt your business and cost you productivity so that the competition can get ahead, or who want to get back at you over some grievance (a dissatisfied customer or a disgruntled employee or ex-employee, for example), would more typically destroy the data completely, or copy it for themselves and then remove the original files from their location.

However, the common terminology is DLP and so, for the purposes of this document, we will use that verbiage to refer to both data loss prevention and data leakage prevention.













