For businesses dealing in sensitive data, be it their own IP or the personal info of their clients, prevention of data leakage is of the utmost concern to IT professionals. Data Loss Prevention (DLP) is one broad area of cybersecurity that CIOs and CTOs can leverage to fight back against leaks. Put simply, DLP is a set of tools designed to control and manage a system such that data cannot exit it. This allows administrators to keep the full view of the environment they manage and best compliance.
Especially in cases where compliance to a set of industry privacy laws is required of a company, having a strong DLP policy is of even greater concern. As a history of lost data can be a damning occurrence for many organizations, any successful solution must be as proactive as it is reactive to risks both inside and outside an organization.
DLP software typically carries out at least one of three core functions: Protection, Control, & Insight.
The first set of tools are used to prevent a loss of data from a force outside the organization, such as an intrusion via hacking or phishing. In this case, attempts to enter the network are monitored and blocked by an Intrusion Protection Services (IPS) built into a firewall or anti-virus. Encryption of files also falls under this category as well.
While the most sophisticated breaches of data may occur due to a hack, it is important to remember that majority of data losses are the result of user error. This is where the next function of DLP comes in. A good DLP plan will emphasize the mitigation of risky user behaviors by placing specific controls on activities users may engage in. An example of this may be a rule that prevents a user from sending attachments to an unapproved external contact. Others may be disabling the deletion of files from a company server or preventing use of external media in a USB port.
Oversight of Data
The final function would be analytics and oversight. Where the others provide more active features for controlling behavior, this is one that is more passive in nature and serves to inform administrators on how their data is being used. This is generally in the form of a centralized dashboard displaying and any events that may be worth examining. Overall this allows admins to learn more about how information travels in a network and make changes to data policy based on this.
Depending on an organization’s needs, a combination of these tools may be necessary as part of a cybersecurity strategy.
While these tools serve to manage and control data access in a network, there are limits to how far reaching they can be. For all the power that admins may have to wield in the network, unfortunately, once data exits those boundaries the authority ends.
Advancements in DLP
This past year, however, Microsoft has released a new tool that aims to counter the gaps in DLP oversight. Now part of the Enterprise Mobility + Security bundle, Cloud App Security incorporates technology from Adallom, a security firm acquired by Microsoft in 2015, focused in extending security and auditing capabilities to third-party cloud storage apps. This means that administrators of a network including this service will be able to gain insights into how company data stored in a personal Google Drive, for example, is accessed.
Besides analytics features, policies may also be added to manage how and where data may be permitted to go. Compatible with around 15,000 different cloud applications, administrators may selectively manage which third-party storage may be used by employees and those that may not.
Combined with Azure Information Protection, management of SaaS apps may also be brought down to the file level. Utilizing intelligent classification of files, the service may deem a spreadsheet containing sales data too sensitive to be stored on Dropbox, while a document containing a recipe for Cole Slaw would be acceptable.
Overall, use of this service can serve to simplify data management and increase oversight of data usage past the perimeter of a network. As a old level Microsoft Partner, Metro CSG can provide services in implementing a Cloud App Security solution, as well as the primary Data Loss Prevention services addressed in this post. If your organization is seeking out a new approach to cyber security and compliance, we can help!