What is Data Loss Prevention? (DLP)
by Mo Haque, MSEE, MSEE, PMP - Published 4-16-14
Data loss prevention (DLP) is also known as data escape protection. It is about ensuring that customer information, personal employee information, and intellectual information remain safe and secure within the perimeter of the enterprise's operations. It is widely believed in the industry that close to fifty percent of data is either stolen, lost, or exposed to unwanted parties due to a lack of policies and proper processes.
Data loss prevention is of strategic importance to any enterprise. Every enterprise must protect its most important data: the sensitive information that could cost the organization a lot if it is compromised.
Every operating organization must focus on the security of its sensitive data by working to secure the data itself. Hence, the first step is to identify the most critical data and its location within the network. This boils down to a two-pronged strategy: first, identifying who is accessing and using the sensitive data, and second, identifying where it is being sent, copied, transmitted, exposed, or left unattended. By performing these two steps, an organization can protect against data loss and also flag any data handling that violates the organization’s security policies and procedures. The following steps can help an organization define its policies regarding DLP:
• Identify the organization’s most sensitive data
• Determine how sensitive data is currently being used (document each and every process’s boundary using SIPOC)
• Strictly enforce security policies to ensure DLP compliance
How can an organization create an effective DLP system? Here are a few guidelines:
• Conduct a discovery session to understand the organization’s DLP goals, requirements, and processes
• Identify sensitive data and review the organization’s existing environment
• Evaluate the organization’s current policies and procedures
• Create DLP processes for onboarding applications, web services, servers, network changes, storage, and retrievals
• Define policies regarding handling sensitive data
• Encrypt the sensitive data and create encryption keys
• Monitor and control processes and compliance
    o Penetration testing
        ▪ Identify threats and expose vulnerabilities
        ▪ Test to breach the organization’s security
        ▪ Explore malicious hacking
        ▪ Identify negligent employee behaviors
    o Vulnerability scanning
        ▪ Vulnerability scanning for networks, servers, routers, mobile devices, websites, and web applications
        ▪ Credentialed and uncredentialed scans
• Ongoing DLP processes lifecycle and automation