What is Data Loss Prevention (DLP) and how does it work?

Published: 2 May 2023

Reading time: 6 minutes

Forcepoint DLP addresses human-centric risk with visibility and control everywhere your people work and everywhere your data resides.

Security teams apply user-risk scoring to focus on the events that matter most and to accelerate compliance with global data regulations.

Data security is a never-ending challenge. On one hand, IT organizations are required to keep up with regulations and protect intellectual property from targeted attacks and accidental exposure. On the other, they must adapt to macro IT movements, such as the adoption of cloud applications, hybrid cloud environments and BYOD trends, all of which increase the ways data can leave your organization. That is where DLP steps in.

What is DLP?

Data loss prevention (DLP), per Gartner, may be defined as technologies which perform both content inspection and contextual analysis of data sent via messaging applications such as email and instant messaging, in motion over the network, in use on a managed endpoint device, and at rest in on-premises file servers or in cloud applications and cloud storage. These solutions execute responses based on policy and rules defined to address the risk of inadvertent or accidental leaks or exposure of sensitive data outside authorized channels.

DLP technologies are broadly divided into two categories, Enterprise DLP and Integrated DLP. Enterprise DLP solutions are comprehensive, stand-alone products packaged as agent software for desktops and servers, physical or virtual appliances for monitoring network and email traffic, and software appliances for data discovery. Integrated DLP refers to DLP functionality built into other products, such as secure web gateways (SWGs), secure email gateways (SEGs), email encryption products, enterprise content management (ECM) platforms, data classification tools, data discovery tools, and cloud access security brokers (CASBs).

DLP best practices strengthen data security

Best practices in DLP combine technology, process controls, knowledgeable staff, and employee awareness. Below are recommended guidelines for developing an effective DLP program:

  1. Implement a single centralized DLP program - Many organizations end up with inconsistent, ad hoc DLP practices and technologies that individual departments and business units have adopted on their own. This inconsistency leads to a lack of visibility into data assets and weak data security. In addition, employees tend to ignore departmental DLP programs that the rest of the organization does not support.
     
  2. Evaluate internal resources - To create and execute a DLP plan, organizations need personnel with DLP expertise, including DLP risk analysis, data breach response and reporting, data protection laws, and DLP training and awareness. Some government regulations require organizations to either employ internal staff or retain external consultants with data protection knowledge. For instance, the GDPR applies to organizations that offer goods or services to individuals in the European Union (EU) or monitor their behavior. It requires many of them (public authorities, and organizations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data) to appoint a data protection officer (DPO); others typically designate staff who assume DPO responsibilities, including conducting compliance audits, monitoring DLP performance, educating employees on compliance requirements, and serving as a liaison between the organization and the supervisory authorities.
     
  3. Conduct an inventory and assessment - An evaluation of the types of data and their value to the organization is an important early step in implementing a DLP program. This involves identifying relevant data, where the data is stored, and whether it is sensitive: intellectual property, confidential information, or data that regulations address. Some DLP products can quickly identify information assets by scanning the metadata of files and cataloging the result, or, if necessary, by opening the files to analyze the content. The next step is to evaluate the risk associated with each type of data if it is leaked. Additional considerations include data exit points and the likely cost to the organization if the data is lost. Losing information about employee benefits programs carries a different level of risk than the loss of 1,000 patient medical files or 100,000 bank account numbers and passwords.
     
  4. Implement in phases - DLP is a long-term process that is best implemented in stages. The most effective approach is to prioritize types of data and communication channels. Likewise, consider implementing DLP software components or modules as needed, based on the organization's priorities, rather than all at once. The risk analysis and data inventory aid in establishing these priorities.
     
  5. Create a classification system -  Before an organization can create and execute DLP policies, it needs a data classification framework or taxonomy for both unstructured and structured data. Data security categories might include confidential, internal, public, personally identifiable information (PII), financial data, regulated data, intellectual property, and others. DLP products can scan data using a pre-configured taxonomy, which the organization may later customize, to help identify the key categories of data. While DLP software automates and speeds classification, humans select and customize the categories. Content owners can also visually evaluate certain types of content that cannot be identified using simple keywords or phrases.
     
  6. Establish data handling and remediation policies - After creating the classification framework, the next step is to create (or update) policies for handling each category of data. Regulations such as HIPAA or GDPR set requirements for handling sensitive data, and DLP solutions typically ship with pre-configured rules or policy templates that map to them; DLP staff then customize the policies to the needs of the organization. To enforce the policies, DLP products monitor outgoing channels (such as email and web chat) and apply a configured response when a potential violation is detected. For instance, an employee about to send an email with a sensitive attachment might receive a pop-up suggesting that the message be encrypted, or the system might block it entirely or redirect it to a manager for approval. The response is based on rules the organization establishes, and every response should be logged so the event can be reviewed afterwards.
     
  7. Educate employees -  Employee awareness and acceptance of security policies and procedures is critical to DLP. Education and training efforts, such as classes, online training, periodic emails, videos and write-ups can improve employee understanding of the importance of data security and enhance their ability to follow recommended DLP best practices. Penalties for breaching data security may also improve compliance, especially if they are clearly defined.
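The classification and policy steps above (items 5 and 6), together with the Gartner definition's pairing of content inspection with contextual analysis, can be made concrete with a small inspector. The following is an added example written for this page; it is not Forcepoint code or any product's implementation. It assumes a hypothetical two-label taxonomy (PCI and PII), an assumed corporate domain of example.com, a hypothetical handling policy table, and constructed sample messages. The validation checks it applies are real ones: the Luhn checksum that card numbers satisfy and the Social Security Administration's never-issued SSN ranges. The proximity rule (a 3-2-4 number counts as an SSN only when "SSN" or "social security" appears within 40 characters before it) is an assumed, illustrative setting.

```python
"""
Toy DLP inspector (added example, not Forcepoint code):
content inspection (patterns + validation checks), contextual analysis
(keyword proximity, destination) and a policy-driven response.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# --- Content inspection -----------------------------------------------------

# 13-19 digits with optional single space/dash separators between digits.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
SSN_CONTEXT_RE = re.compile(r"\b(ssn|social security)\b", re.IGNORECASE)
PROXIMITY = 40  # assumed: characters of context examined before a candidate SSN


def luhn_ok(digits: str) -> bool:
    """Validation check: Luhn checksum that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the DLP log is not itself a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_cards(text: str) -> list[str]:
    """Card-number candidates that pass Luhn, returned masked."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(mask(digits))
    return found


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or group == "00" or serial == "0000")


def find_ssns(text: str) -> list[str]:
    """Proximity analysis: a 3-2-4 number is only reported as an SSN when a
    keyword such as 'SSN' appears shortly before it (cuts false positives
    from order numbers and similar)."""
    found = []
    for m in SSN_RE.finditer(text):
        if not ssn_plausible(*m.groups()):
            continue
        window = text[max(0, m.start() - PROXIMITY):m.start()]
        if SSN_CONTEXT_RE.search(window):
            found.append("***-**-" + m.group(3))
    return found


# --- Classification and policy ---------------------------------------------

@dataclass
class Decision:
    action: str
    labels: set[str] = field(default_factory=set)
    findings: dict[str, list[str]] = field(default_factory=dict)


SEVERITY = {"allow": 0, "warn": 1, "encrypt": 2, "block": 3}

# Hypothetical handling policy per (classification label, destination).
POLICY = {
    ("PCI", "external"): "block",
    ("PCI", "internal"): "warn",
    ("PII", "external"): "encrypt",
    ("PII", "internal"): "allow",
}

INTERNAL_DOMAIN = "example.com"  # assumed corporate mail domain


def classify(text: str) -> Decision:
    """Map findings onto the classification taxonomy (step 5)."""
    d = Decision(action="allow")
    if cards := find_cards(text):
        d.labels.add("PCI")
        d.findings["card"] = cards
    if ssns := find_ssns(text):
        d.labels.add("PII")
        d.findings["ssn"] = ssns
    return d


def decide(recipient: str, body: str) -> Decision:
    """Contextual analysis (step 6): the same content gets a different
    response depending on where it is going; the most severe action wins."""
    d = classify(body)
    dest = "internal" if recipient.lower().endswith("@" + INTERNAL_DOMAIN) else "external"
    for label in d.labels:
        candidate = POLICY[(label, dest)]
        if SEVERITY[candidate] > SEVERITY[d.action]:
            d.action = candidate
    return d


if __name__ == "__main__":
    # Constructed sample outbound messages (not real data).
    samples = [
        ("partner@vendor.test", "Card on file: 4111 1111 1111 1111, exp 12/29"),
        ("hr@example.com", "New hire SSN: 123-45-6789, start Monday"),
        ("partner@vendor.test", "Order ref 123-45-6789 shipped; PO 4111 1111 1111 1112"),
    ]
    for to, body in samples:
        d = decide(to, body)
        print(f"{to:22} -> {d.action:8} {sorted(d.labels)} {d.findings}")
```

Run stand-alone, the first message is blocked (valid card number, external recipient), the second is allowed (SSN with keyword, but internal HR recipient), and the third is allowed with no findings: the order reference has no SSN keyword near it and the PO number fails the Luhn check. Real products layer many more detectors on top of this skeleton (file fingerprinting, OCR, trained classifiers), but the structure of pattern, validation, context, and policy response is the same.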

Forcepoint DLP

Forcepoint Data Loss Prevention (DLP) is a data loss prevention product that protects organizations against sophisticated attacks and data breaches. Forcepoint DLP can swiftly detect and safeguard sensitive data, and provides visibility into attacks on endpoint devices both on and off the network.

Key features:

  • Discovery across network, cloud, and endpoint to identify, remediate, and protect sensitive data.
  • Centralized policy administration across all channels, including cloud, endpoint, network, web, and email.
  • Optical Character Recognition (OCR) to identify sensitive data embedded in images.
  • Personally Identifiable Information (PII) detection with validation checks, real-name detection, and proximity analysis.
  • Custom encryption identification to reveal hidden data.
  • Machine learning that lets users teach the engine to recognize previously unknown data: users supply positive and negative examples so that similar data can be identified.
  • Cloud protection to monitor and prevent the loss of sensitive data on the web, along with risk assessment of visited websites.

Consult us for more information about the full range of Forcepoint DLP options
