As we discussed in the previous article, Data Loss Prevention (DLP) solutions can be deployed effectively and bring value to organisations without the need for great investment from the outset. In this article we will discuss the benefits that organisations can get from deploying DLP solutions.
Visibility – As I described previously, many organisations invest in security products that focus purely on incoming traffic, with little or no visibility of outgoing traffic. As a result, organisations are often not aware of the risks they might be exposed to. DLP solutions can rectify this by giving the business visibility of the information that leaves the organisation, as well as exposing bad business processes. In one such example, a Telco provider reported that its DLP solution exposed more than 30 erroneous business processes that no one was aware of. In another, a financial institution's DLP solution exposed an automatic process in which a database query was shared with an external partner but contained sensitive customer information.
Compliance – Organisations today need to fully comply with state- and sector-specific legislation. Compliance regulation is also due to expand in the next few years, as more rules are in the process of approval. One of these is the EU Data Protection Directive, which requires organisations to report on data breaches within 24 hours. Whilst a DLP solution on its own cannot make organisations compliant, it can definitely help them understand what data is leaving the organisation, where it is going and where it is being stored. Many organisations currently use DLP to comply with the Data Protection Act, PCI-DSS and healthcare regulations such as HIPAA-HITECH. If organisations fail to comply, large fines can be imposed. For example, under the UK Data Protection Act the Information Commissioner's Office (ICO) can issue fines of up to £500,000 for just one data breach instance. Data breaches can therefore be costly in terms of the fines levied, standing in the market and damage to an organisation's reputation.
Employee education and awareness – Whilst working with many organisations around data protection for more than eight years, I have realised that in many cases organisations do not have data protection policies in place. Even if some organisations do, they often don't have the technology in place to enforce them, or simply choose not to. Training employees is usually the first step taken in data protection; however, what often happens is that once the security training finishes, employees forget what is expected of them. In some cases, when they believe that a security policy can affect their work, they simply ignore it to support the business. DLP solutions can detect when an employee is breaching a policy that relates to specific data, and can remind the employee of that policy. When implemented correctly, DLP solutions can show a significant decrease in policy violations simply by notifying employees that they did something wrong.
Flexible security environment – Traditional security solutions were designed to allow or block based on source, destination and channel. Today, with the dynamics of the web and social media, this approach can affect an organisation's ability to adopt new communication channels. Many organisations still block social media sites and personal webmail sites because they are afraid these will affect their security; however, in many cases there will be exceptions to those policies for specific users or departments. DLP solutions can provide an alternative by allowing organisations to say "Yes" to social media, personal email and other channels, but with the ability to control the content posted to those destinations. This allows organisations to be more flexible but still stay secure.
Malicious activity detection – As mentioned before, organisations are focused on incoming traffic and on trying to detect malware and hacking attempts. However, according to the 2013 Verizon Data Breach Investigations Report, in 66 per cent of cases breaches weren't discovered for months, or even years. The assumption now is that once attackers are inside the network they will try to steal data (a few years ago they would "just" harm the network). DLP solutions can assist in detecting large amounts of data going out of the network, as well as offering the ability to detect unrecognised encryption, password files and more.
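The three outbound checks named above (large volumes, unrecognised encryption, password files) can be sketched as follows. This is an added example, not code from the article or from any DLP product; the thresholds, the magic-byte list and the names `inspect_payload` and `EgressMonitor` are assumptions made for illustration.

```python
import math
import random
import re
from collections import Counter, defaultdict

# Assumed values for this sketch; a real deployment tunes them.
ENTROPY_THRESHOLD = 7.5          # bits per byte
MIN_SAMPLE = 512                 # entropy is unreliable on small payloads
VOLUME_LIMIT = 50 * 1024 * 1024  # outbound bytes allowed per source
# Formats that are legitimately high-entropy, recognised by magic bytes.
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"%PDF", b"\x89PNG", b"\xff\xd8\xff")
# passwd lines have 7 colon-separated fields, shadow lines have 9.
ACCOUNT_LINE = re.compile(r"^[a-z_][a-z0-9_-]*(:[^:\n]*){6}((:[^:\n]*){2})?$")

def shannon_entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def inspect_payload(data: bytes) -> list:
    """Return content findings for one outbound payload."""
    findings = []
    if (len(data) >= MIN_SAMPLE and not data.startswith(KNOWN_MAGIC)
            and shannon_entropy(data) >= ENTROPY_THRESHOLD):
        findings.append("unrecognised-encryption")
    lines = data.decode("ascii", errors="replace").splitlines()
    hits = sum(1 for line in lines if ACCOUNT_LINE.match(line))
    if hits >= 3 and hits >= 0.8 * len(lines):
        findings.append("password-file")
    return findings

class EgressMonitor:
    """Adds a per-source volume check on top of the content findings."""
    def __init__(self, limit: int = VOLUME_LIMIT):
        self.limit = limit
        self.sent = defaultdict(int)

    def observe(self, source: str, data: bytes) -> list:
        findings = inspect_payload(data)
        self.sent[source] += len(data)
        if self.sent[source] > self.limit:
            findings.append("volume-exceeded")
        return findings

# Constructed sample inputs (not real traffic).
_rng = random.Random(1)
SAMPLE_CIPHERTEXT = b"\x00" + bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_ZIP = b"PK\x03\x04" + SAMPLE_CIPHERTEXT  # high entropy, recognised format
SAMPLE_PASSWD = (b"root:x:0:0:root:/root:/bin/bash\n"
                 b"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                 b"www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n")
```

The magic-byte allow-list is what keeps ordinary compressed attachments from being flagged as encryption; entropy alone cannot tell the two apart.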
Taking these factors into account, organisations can benefit from DLP solutions in various ways and should view them as an investment. Organisations simply cannot overlook DLP technology and procedures – they are vital to protecting sensitive data, maintaining the trust of your customers and keeping your edge in the market.
In the next article, we will discuss the common misconceptions about the preparations needed to succeed in a DLP project.
Lior Arbel is the Chief Technical Officer of Performanta UK. Performanta Technologies specialises in Information Security and Risk Management, offering enterprise clients end-to-end products, services and consulting capabilities.