Data loss prevention (DLP) is a collection of products that protect sensitive data from unauthorized use or transmission. Composed of software, hardware, and processes, data loss prevention solutions protect data in use, data in motion on networks, and data at rest in storage or on users’ devices (e.g., desktops, laptops, phones, tablets).
Data loss prevention also includes monitoring and reporting to identify suspicious activity and meet compliance requirements. DLP is also referred to as:
- data leak prevention
- information leak detection and prevention (ILDP)
- content monitoring and filtering (CMF)
- information protection and control (IPC)
- extrusion prevention system (EPS)
- information loss prevention
A system’s ability to identify, monitor, and protect data in use (e.g., endpoint actions), data in motion (e.g., network actions) and data at rest (e.g., data storage) through deep packet content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination, etc.), within a centralized management framework. Data loss prevention capabilities are designed to detect and prevent the unauthorized use and transmission of sensitive information.
National Institute of Standards and Technology
Why Data Loss Prevention is Necessary
The loss of sensitive data has numerous negative repercussions for organizations, including fines, remediation costs, expenses related to the lost data, and reputation damage that can impact revenue. The importance of a data loss prevention solution continues to grow as part of any organization’s overall security posture. Among the drivers of this growth are the following.
Growing Influence of CISOs
The rise of the Chief Information Security Officer (CISO) role in organizations increases the use and footprint of data loss prevention solutions. CISOs want as much visibility as they can get, since they are responsible for protecting sensitive data from leaks—DLP provides this.
Insider threats are a growing vector for data leaks. Data loss prevention is the best way to stop malicious insiders who seek to tamper with, destroy, or exfiltrate sensitive data.
Compliance Requirements with Stringent Penalties
Government, corporate, and industry regulations call out sensitive data as something that must be protected and accounted for to avoid fines and other penalties. Data loss prevention solutions provide data protection and audit and reporting capabilities that help organizations adhere to the requirements.
Data continues to grow exponentially, and what was already unwieldy has become nearly unmanageable. Data loss prevention helps identify and monitor data wherever it is, on-prem and in cloud storage. DLP provides critical visibility into where sensitive data is stored, where it is sent, and who is accessing it.
How Data Loss Prevention Works
Data loss prevention protects sensitive information with a centralized view of data—in use, in motion, or at rest. DLP solutions can be used to classify data and apply rules that govern data use and transmission.
In addition to detection and alerting, data loss prevention protects data by ensuring that rules for encryption and isolation are enforced, in some cases with automation.
DLP also protects data by preventing the transfer of sensitive data to removable media, such as USB memory sticks, external hard drives, CDs, DVDs, phones, or tablets.
Data loss prevention solutions also protect sensitive data with these functions:
- Monitoring to provide visibility into data use, location, and access
- Enforcing security policies to identify anomalies that indicate unauthorized behavior or a misconfiguration that requires remediation
- Filtering data streams on networks to identify and stop suspicious or unauthorized activity
- Reporting to organize log data to expedite incident response and facilitate audits
- Analyzing data to identify vulnerabilities and suspicious behavior and give security teams forensic context
- Providing validation of compliance with configuration standards and requirements
- Increasing data visibility across systems to ensure that sensitive data is safe
Types of Data Loss Prevention
Data loss prevention solutions are available as hardware appliances and as software; the three primary types are endpoint, network, and cloud.
Endpoint data loss prevention extends DLP capabilities to anything that connects to networks. This includes end-user devices such as desktops, laptops, phones, and tablets, as well as on-prem servers and storage devices.
Network data loss prevention offers deep packet inspection to provide visibility into all data in transit across networks. All data passing through monitored ports and protocols is examined.
A cloud access security broker, or CASB, often provides cloud data loss prevention services via software or hardware hosted in the cloud or on-prem. Cloud DLP solutions provide DLP functions for sensitive data stored in cloud storage and in SaaS or IaaS applications.
Data Loss Prevention Best Practices
Effective data loss prevention has many components. Following are some of the key considerations when deploying or evaluating solutions.
- Assess and inventory data starting with a complete scan of networks to identify the locations and types of sensitive data.
- Classify sensitive data based on a data loss prevention framework for structured and unstructured data, including PII (personally identifiable information), intellectual property, and other restricted data. Sensitive information classification should also record retention dates for archiving and destruction.
- Establish a strategy and team. The strategy should be based on a centralized approach to data loss prevention, and key roles should be defined for individuals involved with DLP.
- Prioritize sensitive information and secure the data that poses the highest risk to the organization if leaked or lost.
- Identify opportunities for and automate data loss prevention processes across the organization.
- Take advantage of machine learning to identify anomalies and abnormal user behavior. Behavioral models can be created for individual users or groups that establish a baseline to help identify accidental or malicious data usage and transmission.
- Educate everyone in the organization about DLP policies and data awareness to increase understanding of how vital each user is to the program’s successful deployment.
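The content analysis and policy enforcement described under How Data Loss Prevention Works, and the classify, prioritize, and automate steps above, come together in a small rule engine. The following is an added example, not Egnyte’s code or any product’s: the sample messages, rule names, classification labels, and policy actions are constructed for illustration, and the secondary validators (Luhn checksum for card numbers, structural checks for SSNs) show how a DLP policy cuts false positives before it blocks anything.

```python
import re
from collections import namedtuple

# Constructed sample messages standing in for outbound content seen by a DLP sensor.
SAMPLE_MESSAGES = {
    "msg-1": "Invoice attached. Card on file: 4111 1111 1111 1111, exp 12/27.",
    "msg-2": "Ticket ref 4111 1111 1111 1112 closed; no payment data involved.",
    "msg-3": "New-hire HR form, SSN 123-45-6789, start date 2024-06-01.",
    "msg-4": "Quarterly roadmap draft, marked INTERNAL ONLY, for the sales team.",
    "msg-5": "Team lunch is Friday at noon. Reply if you can join.",
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out digit runs that merely look like card numbers."""
    total = 0
    for i, d in enumerate(int(c) for c in reversed(digits)):
        total += (d * 2 - 9 if d > 4 else d * 2) if i % 2 else d
    return total % 10 == 0

def ssn_plausible(ssn: str) -> bool:
    """Reject area/group/serial values that are never issued (000, 666, 9xx, 00, 0000)."""
    area, group, serial = ssn.split("-")
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

# A rule = detector pattern + secondary validator + the classification label and policy action it maps to.
Rule = namedtuple("Rule", "name label action pattern validate")
RULES = [
    Rule("payment-card", "Restricted", "block", re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
         lambda s: luhn_ok(re.sub(r"\D", "", s))),
    Rule("us-ssn", "Restricted", "block", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_plausible),
    Rule("internal-marking", "Confidential", "alert",
         re.compile(r"\bINTERNAL ONLY\b", re.IGNORECASE), lambda s: True),
]
SEVERITY = {"allow": 0, "alert": 1, "block": 2}  # the strictest finding decides the action

def inspect(text: str) -> dict:
    """Classify one message: strictest policy action plus redacted findings for the audit log."""
    findings, action = [], "allow"
    for rule in RULES:
        for m in rule.pattern.finditer(text):
            if not rule.validate(m.group(0)):
                continue  # pattern hit but validator rejected it: not reported, no false positive
            digits = re.sub(r"\D", "", m.group(0))
            shown = "****" + digits[-4:] if digits else m.group(0)  # never log the full value
            findings.append({"rule": rule.name, "label": rule.label, "value": shown})
            if SEVERITY[rule.action] > SEVERITY[action]:
                action = rule.action
    return {"action": action, "findings": findings}
```

Running `inspect` over the five constructed messages blocks msg-1 and msg-3, alerts on msg-4, and allows msg-2 because the card-like number fails the Luhn check, which is the false-positive case a raw regex would have blocked.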
Office 365 Data Loss Prevention
With DLP, sensitive information buried in Microsoft applications, such as Exchange, OneDrive, SharePoint, Teams, and the Office suite, can be monitored without impacting users. Key criteria in data loss prevention for Office 365 include:
- Creating and storing data loss prevention policies
- Locating sensitive data across the platform
- Preventing users from sharing sensitive information
- Monitoring usage of sensitive information
- Educating users and measuring compliance with policies
- Creating reports that can be integrated with data from other DLP tools
DLP extends data visibility to the Microsoft tools most widely used across organizations. It brings the power of data loss prevention to users’ workstations and integrates the information that it captures with other DLP data to provide a holistic view of the organization’s data.
Data Loss Prevention Tools
Tools used for data loss prevention can be hardware appliances or software and can be deployed on-prem or in the cloud. Key functionality to evaluate when considering a solution includes:
- Content analysis
- Data lifecycle management
- Data visibility—in use, in motion, and at rest
- Ability to follow users—on-prem and in cloud
- Policy management
- Support for meeting compliance requirements
- Analytics capabilities, real-time alerts, AI and machine learning
- Centralized visibility and administration across the organization’s data
Enforcing Data Loss Prevention Policies
Enforcement is the key to success in data loss prevention programs and policies. DLP solutions must have support from management as well as users. And data loss prevention must consider data throughout its lifecycle, in all locations—on-prem and cloud, following data wherever it is located.
Knowing where data is and ensuring consistent enforcement of policies are the cornerstones of effective data loss prevention. Be sure to make these a priority when evaluating and deploying DLP programs.
Egnyte has experts ready to answer your questions. For more than a decade, Egnyte has helped more than 16,000 customers and millions of users worldwide.