With a huge amount of the global workforce still working from home (WFH) on a full or part-time basis, there is a growing debate about how best to protect sensitive data in such an ‘uncontrollable’ environment.
According to Digital Guardian’s latest Data Trends Report, the number of data egress attempts has dramatically increased since the beginning of the pandemic, making it more important than ever to have visibility into data movement. At the same time, the challenges of WFH have further exacerbated the ongoing tension between employees who just want to get their work done and security teams who must ensure robust data protection is in place at all times.
While Data Loss Prevention (DLP) can effectively protect data, any program or technology put in place must enhance both the productivity needs of employees and the security requirements of the business. This article will provide details on what DLP is, advise on how to maximize its effectiveness, and explain why, when done right, it offers a powerful safety net against data loss and/ or theft in a remote working environment.
What is DLP?
DLP is a set of tools and processes that helps prevent the loss, misuse, or unauthorized access of sensitive data. DLP software classifies regulated, confidential and business-critical data and identifies violations of policies defined by organizations or within a predefined policy pack, typically driven by compliance with regulations and statutes such as Payment Card Industry Data Security Standard (PCI-DSS) or General Data Protection Regulations (GDPR).
Upon identifying a violation, DLP enforces remediation actions. These include alerts, encryption, and other protective actions to prevent end-users from accidentally or maliciously sharing data that could put the organization or its customers at risk. DLP software and tools monitor and control endpoint activities, filter data streams on corporate networks, and monitor data in the cloud to protect data at rest, in motion, and in use.
Why should you use it?
Data loss prevention solves the following three main objectives that are common pain points for many organizations:
1. Compliance and Personal Data Protection: Any organization that collects and stores large quantities of sensitive customer data -- such as Personally Identifiable Information (PII) or payment card information (PCI) -- is likely subject to compliance regulations such as the GDPR, amongst others. These regulations require organizations to ensure adequate protection of this data. DLP can play a big role in this by means of identifying, classifying and tagging sensitive data, as well as monitoring activities and events surrounding that data. Furthermore, DLP’s reporting capabilities provide the details needed for compliance audits.
2. Intellectual Property (IP) Protection: DLP is also a great way to protect important intellectual property and/or trade secrets that, if lost or stolen, could jeopardize an organization’s financial health or brand image. DLP uses context-based classification to classify IP in both structured and unstructured forms. Security teams can then put policies and controls in place to protect against unwanted exfiltration of this data.
3. Data Visibility: DLP can also give an organization much more visibility into data movement throughout its environment. A comprehensive enterprise DLP solution can help security teams see and track data on endpoints, networks, and the cloud. This provides much better visibility into how individual users within the organization are interacting with data, and what they are doing with it thereafter.
While these are the three main use cases, DLP can remediate a variety of other pain points including insider threats, Office 365 data security, user and entity behavior analysis, and advanced threats.
Creating a successful DLP program in a WFH environment
A successful DLP program in a WFH environment often starts with educating users on how to be smart with their data. This includes making sure that they are not sending data to places where it should not be. It is also important to work collaboratively with all parts of the organization to achieve the business’ collective goals.
Effective data governance also plays a major role. For most organizations, this starts with taking the time to identify and locate all of their most critical data, then using DLP to set up guardrails to properly protect it.
Finally, it is crucial to know when to get rid of data that no longer holds business value. Often, there is a tendency to avoid deleting old data in case it might be needed again one day. While it is important to retain data that fulfill regulatory compliance, purging non-essential data after a predetermined period of time is a smart security decision. Not only does it free up storage space, it also prevents the data from falling into the wrong hands.
DLP creates an effective safety net
For many organizations, DLP can also serve as a safety net against both unintentional and malicious insider threats. When someone leaves the company, for example, organizations can run a six-month background check on their devices to evaluate any egressed data. Recording such behavior lets organizations see if anything sensitive was removed, get data back, or prove in court that it was taken. This way, even in the event that the exfiltration of data is not stopped initially, the data’s value can ultimately be protected.
It is getting easier to put an effective program in place
In the past, launching a DLP program was an arduous process, particularly amongst a remote workforce. With a growing number of leading vendors now developing and offering managed service programs, however, organizations can leave the heavy lifting to them and instead focus on its available security benefits.
As the world continues to adapt to a new business landscape dominated by WFH, the debate about how to protect data in such an environment is gathering pace. When implemented correctly, DLP can be a great way to do this, offering fantastic visibility and control without impacting employee productivity. Furthermore, the growing range of managed service programs available means it has never been easier to implement.
Adam Burns, Director of Cybersecurity at Digital Guardian