Data Loss Prevention: A Major Pain Point
The advancement in mobile devices, the wide spread adoption of high speed internet (3G and above) and cloud services have opened up an array of opportunities to the business and technology world. It was only because of these advancements that we are hearing terms like BYOD and BYOA. These practices have increased the mobility of your employees to an extent that they need not be physically present in the office to do their job. They can access the company server using their own devices from anywhere in the world and do their job. Which is an amazing capability, yet it does not come without its defects. The major one being data loss.
The importance of protecting data, sensitive or otherwise, cannot be stressed enough. Intellectual property is the most important and most vulnerable asset of a company. Any loss or leak of these can be catastrophic. I am not talking about the threat of hacking or external interference here (of course these are major issues, but most companies have multiple layers of security to prevent this), what I am talking about is internal or insider threats. How do you make sure that any of your employees accidentally or deliberately copy or send some sensitive information or data to outside party? This is a rather huge problem now as your employees are mobile and no longer work only from the comfort and security of your office.
Not even for a second think that your employees are loyal or smarter than that. All it takes is one disgruntled employee or a careless mistake from a loyal employee. As you know, once the genie is out of the bottle, it is out for ever. So, prevention is the only cure.
What can be done!
There are several measures that can be taken in order to prevent data loss. Let us go through a few of these measures.
Let us admit it, no matter what we say, not all data are crucial. So, the first step in protecting your data is to identify which data to spend time and resource securing and which not to. Identify those that can be public and those that have to be kept sensitive. Understand that not all of your employees need to have access to all the data or information that your company has. Make that sensitive information available only on a ‘need to know’ basis. This might not sound much but it is effective and goes a long way in terms of protecting your data.
You have already classified your data and now you know which ones are worth protecting, so how can you do it. Doing manual checks of every email or IM or so is not an option, it simply cannot be done, this is why software solutions are needed to this. There are multiple solutions available in the market that has the capability to do these. Chose those solutions that can do the job by following your business-rules, i.e. your predefined information disclosure policies. You can use software for email, social media, and instant message tracking to make sure there are no violations of your policies. You should also do document fingerprint, and end point monitoring to further secure your data. Encryption of sensitive data is also a great practice.
The major challenge for data protection comes from your employees itself. A vast majority of your employees do not really want to harm the company and will not willingly disclose sensitive information to outsiders. Nonetheless, you need to make sure that they are aware of the risks. The employees should be properly aware of the information disclosure policy of the company. Gartner says that the major channel of data loss is via emails. Now, a proper IT protocol can make sure that no sensitive information can be emailed outside the company network, but if an employee copy pastes a document to the mail and instantaneously press ‘send’, chances are that the mail will be send with the information in it. To avoid this from happening, the employees should be well versed in the policies of the company. They should also be made aware of the dangers of sending data over IMs and over social media.
Network-based DLP solutions
Installed in your company’s network infrastructure, these solutions track and monitor data mobility and prevent sensitive data from being send outside the secure network. These solutions normally monitor emails, IMs, social media and more.
Storage-based DLP solutions
These solutions make sure that the data in your server is kept safe and secure. They mine your servers, SharePoint, and databases to make sure that no sensitive information is on non-secure platforms.
End-point based DLP solutions
They focus on end point systems such as PCs, laptops, tablets, mobile devices etc. to make sure that no sensitive data is leaving your company in the form of printouts or copies in USBs or CDs/DVDs or portable hard drives. They will also track webmail, social media, IMs and more, just to be certain.
Some DLP Solutions
- Fidelis Security Systems – IBM
- Palisade Data Monitor – Palisade Systems
- DLP Solutions from McAfee
- DLP Platform from GTB Technologies
These are some of the widely accepted and effective DLP solutions available in the market.
As I have mentioned before, one cannot stress enough about the importance of data and what its protection would mean to a company. There is no question whether data loss will have adverse effect; yet it is up to you to decide what to do to prevent this and how to do it, having said that, not taking adequate measures for DLP will be a serious mistake.