What is data loss prevention (DLP)?

DLP stands for data loss prevention. DLP is an approach or set of strategies consisting of tools or processes which, when used by a network administrator, can ensure that sensitive data is not accessed, misused or lost by unauthorised users. With DLP, users do not send sensitive or critical information outside the organisation’s network. Network users have the potential to accidentally or maliciously share data which could harm the organisation to which the network belongs, for example by forwarding business emails out of the corporate domain or by uploading sensitive files to a commercial cloud storage service such as Dropbox. DLP software categorises and protects sensitive data, whether it’s business critical, confidential or regulated.

Reasons to adopt DLP

The circumstances have never been more in favour of widespread adoption of DLP software. The volume of data exposed by data breaches has been growing year on year. Between 60% and 70% of all data breaches warrant public disclosure, which has a significant effect on company reputation and, often, finances. 84% of IT leaders think DLP is more challenging with a remote workforce. Every 11 seconds, another business falls victim to a cyberattack. In the US, the cost of an average data breach is $9.44 million. DLP addresses three common pain points for organisations’ IT security: personal information protection/compliance, IP protection and data visibility.

  • Personal information protection/compliance: any organisation that collects and stores PII, PHI or PCI is likely subject to compliance regulations such as HIPAA or GDPR. That means they need to protect their customers’ sensitive data.
  • IP protection: if your organisation has valuable IP, trade secrets or even state secrets, their loss or theft might put it in jeopardy. DLP solutions that use context-based classification can classify IP in both structured and unstructured forms. Through policies and controls, you can stop exfiltration of your data.
  • Data visibility: a comprehensive enterprise DLP solution can see and track your data for endpoints, networks and the cloud. You will see how users in your organisation interact with data.

DLP is also beneficial for oversight on insider threats, Office 365 data security, user/entity behaviour analysis and advanced threats.

Data loss prevention best practices

When beginning an assessment of how best to implement DLP for your organisation, it is important to remember: not all data is critical. Different organisations will prioritise different data. Which data would be the most disastrous if stolen? Focus your initial DLP strategy on protecting that.

Consider classifying your data by context. Associate a classification with the source app, the data store or the creator user. Persistent classification tags mean that organisations can track data’s use.

Training and guidance can reduce the risk of accidental data loss by insiders. Advanced DLP solutions offer user prompting to alert employees that their data use may violate company policy or increase risk, as well as controlling risky activity.

Successful DLP deployments are aided by an understanding of how data is used in your organisation and how to identify risky behaviour. Organisations need to monitor data in motion as part of a strategy to observe what’s happening to their more sensitive data, and to understand the issues any DLP strategy should address.

The level of risk will naturally vary depending on your data’s destination such as partners, customers, the supply chain, etc. It’s often at greatest risk when in use on endpoints, such as in an email or a removable storage device. A robust DLP programme will account for these risks of mobile data.

What’s your primary data protection objective? Perhaps it isn’t a specific data type. Protecting IP, meeting regulatory compliance and obtaining data visibility all are worthy objectives. Having an established objective simplifies the determination of how to deploy your DLP solution effectively.

With DLP, it is important not to run before you can walk. Set fast, measurable objectives for your initial, defined approach. You could take a project approach, narrowing the programme’s initial scope to focus on a specific data type, for example by concentrating on discovering and automating the classification of sensitive data. This is a better strategy than an overly elaborate and ambitious initial rollout.

In rolling out your DLP programme, determine and monitor KPIs so that you have metrics for its success and areas of improvement. Share these metrics with your organisation’s leaders to show the value that DLP is adding.

When you are rolling out your initial DLP programme, don’t make the mistake of implementing it one department at a time. Inconsistently applied, ad hoc DLP practices will be ignored by the sections of the organisation to which they do not directly relate, making them largely a waste of resources.

Related to this, it’s best to obtain buy-in from executives in your organisation, such as the CFO and CEO, to procure an approved budget for a DLP programme. Show how DLP addresses pain points for different business units, such as profitable growth and the efficient use of assets (as DLP eliminates the need for additional staff). This makes it easier to advocate for and coordinate organisation-wide adoption of the programme. When you collaborate with business unit heads to define DLP policies that will govern your organisation’s data, all business units will know the policies, how they fed into them and their impact.

Why is DLP being widely adopted?

The DLP market is evolving to react to the increase in very large data breaches.

  • More CISOs: with the increased visibility of chief information security officers who answer directly to CEOs, DLP provides reporting capabilities to facilitate regular updates.
  • Expanding compliance mandates: new and broader global data protection regulations continue to appear, meaning organisations need to be adaptable and prepared. DLP solutions offer that flexibility.
  • More places to protect data: the increased use of third-party services, the cloud and complex supply chain networks means data protection is also more complex. Visibility into events and event context for data leaving your organisation is important to ensure it doesn’t end up in the wrong hands.
  • Frequency and size of breaches: cybercriminals, malicious insiders, even adversarial nation states could target your personal data for myriad purposes: corporate espionage, personal financial gain, even political advantage are all on the agenda. DLP can protect against many adversaries. Huge data breaches like Equifax, Yahoo, etc. affect billions of users. Preventing further large breaches can be as simple a matter as choosing the right DLP.
  • The value of stolen data: stolen data is often traded on the dark web; individuals and groups alike buy and sell data for their own benefit. A significant financial incentive exists, especially for certain data types.
  • Greater breadth of theft-worthy data: sensitive data these days includes intangible assets such as pricing models and business methodologies. Intangible assets make up 84% of the S&P 500 market value.
  • Security talent shortage: there are still millions of unfilled security positions out there with many companies affected. Managed DLP services can fill that personnel gap as a remote extension.

What are experts saying about DLP?

Many cybersecurity specialists concur that the responsibility of upholding data security standards does not fall only on the shoulders of those in their field, but everyone in an organisation. While the IT department will naturally handle most of the work, all stakeholders in an organisation influence security policy and implementation. A data breach causes company-wide harm, which an IT department cannot possibly handle alone. All leaders in an organisation should be invested and involved in the development of a DLP solution. The experts recommend that leaders are at the table for the discovery process, so that they can ask questions and view demos before signing off on the final decision.

While encryption is not the entire solution to data loss, it is integral to any solution. When properly implemented, strong encryption is unbreakable. However, failures in implementation will be exploited by bad actors.

If organisations are proactive in their approach to cybersecurity, detecting and deterring insider threats is easier. Internal training for knowledge, skills and awareness is one method of doing so. Another is implementing monitoring activities to establish parameters for activities within work functions, which flag instances outside of those rules. The use of Kingston’s line of IronKey encrypted flash drives is also a great way to help an organisation to meet its DLP objectives.
