Fixing leaks
Why do government departments and public sector corporates need data loss prevention software? RSA explains.

According to the Privacy Commissioner, government departments leak information like sieves, which poses the question: how safe is your business’s data?

In early May the Privacy Commission reported that the personal details of New Zealanders were at risk because government policies on the use of portable storage devices (PSDs) were poor. The Commission surveyed 42 major government departments and reported that PSDs, such as USB sticks, were widely used but that there were lapses in the security procedures and practices around their use.

Data loss is not something most managers devote a lot of time to. But with tough times leading to new layoffs, businesses face a myriad of challenges, and departing staff members leaving with USB sticks full of sensitive data is one of them. There are other ways information can be compromised too: taking information to meetings, temporary backups, transferring information between departments or organisations. All of these activities present a data loss risk. To give one example, a survey carried out by a UK security firm estimated that 9000 USB sticks were left in people’s pockets when they took their clothes to the dry-cleaners.

Security software is not new, but security solutions have typically addressed specific issues such as malware and spam. Perhaps unintentionally, these point solutions have also increased organisational complexity, and where real gaps remain and no policies are in place, that creates a huge risk. Data Loss Prevention (DLP) is a new technology developed specifically to prevent this. It differs from other security software because it takes an enterprise-wide approach to data leaks rather than targeting specific threats. It works across three levels: data at rest, data in motion (network traffic) and data in use on Windows endpoints.
The steps listed below are the correct measures to take for data loss prevention.

Data at Rest

The three steps to follow are discover, analyse and remediate.

Your DLP solution should be designed to locate data across the entire environment. It must be able to look for data in all the places data lives: file shares, servers and data stores, laptops, desktops, SharePoint sites, content management systems and structured data stores. Once the data has been found, the organisation analyses it and decides whether it should be allowed to remain there. If not, a whole host of remediation options are available, such as moving, deleting or quarantining it. For example, if a scan discovers that endpoint users have sensitive files in their trash bins, DLP can notify the users to empty their trash. If re-scans continue to show that no action has been taken, it can fire off a script to empty the bins for them.

Data in Motion

The three steps to follow are monitor, analyse and enforce.

Unauthorised transmissions of data, whether accidental or malicious, have to be monitored and blocked to prevent data loss and protect the business. On the network side, DLP provides the ability to monitor and enforce across corporate email systems, web-based email, instant messaging services and web-based protocols. The software not only identifies sensitive information by analysing the content of a transmission, but also prevents the loss of that data by blocking or encrypting the transmission if it violates a defined security policy.

Data in Use

The three steps to follow are monitor, analyse and enforce.

Statistics show that more than half of sensitive data loss is from endpoints. To complicate matters further, the type and amount of sensitive data on these endpoints changes every day, and organisations have no established process to track and protect it.
The DLP solution on the endpoint not only discovers sensitive information by analysing the content of a file; it can also monitor actions such as print or copy on an end user’s computer, and block or log any such action that violates a security policy. This proactively prevents the loss of sensitive data before it happens.

Users often use USB devices to move data on and off laptops. The DLP solution can prevent this altogether, or stipulate that only a company-certified device may be used.

There are many security pitfalls facing enterprises today, but fortunately data loss can be prevented by implementing 21st century technology solutions.
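As an added illustration of the discover, analyse, remediate loop described under Data at Rest (example code written for this page, not RSA's product), the following Python scanner walks a share, classifies each file against a constructed card-number policy, notifies on the first finding and quarantines a file that a re-scan still flags, mirroring the trash-bin escalation described above. The policy regex, the sample share, its files and the well-known test card number are all hypothetical, constructed for the demo.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Constructed policy for this example: a "sensitive record" is a 16-digit, card-style
# number that also passes the Luhn check, so random digit runs are not flagged.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")

def luhn_ok(number: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed([c for c in number if c.isdigit()])):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def discover(root: Path):
    """Step 1, discover: every regular file under the scanned location."""
    return sorted(p for p in root.rglob("*") if p.is_file())

def analyse(path: Path) -> int:
    """Step 2, analyse: how many sensitive records the file's content holds."""
    return sum(1 for m in CARD_RE.findall(path.read_text(errors="ignore")) if luhn_ok(m))

def remediate(path: Path, hits: int, strikes: dict, quarantine: Path, limit: int = 2) -> str:
    """Step 3, remediate: notify first; quarantine once `limit` consecutive scans still hit."""
    if hits == 0:
        strikes.pop(path, None)
        return "clean"
    strikes[path] = strikes.get(path, 0) + 1
    if strikes[path] < limit:
        return "notified"  # the user is told to clean up; nothing is moved yet
    quarantine.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(quarantine / path.name))
    strikes.pop(path)
    return "quarantined"

def scan(root: Path, quarantine: Path, strikes: dict) -> dict:
    """One discover/analyse/remediate pass; returns {relative path: action taken}."""
    return {p.relative_to(root).as_posix(): remediate(p, analyse(p), strikes, quarantine)
            for p in discover(root)}

def demo() -> tuple:
    """Constructed sample share (hypothetical data): two passes over it, plus the quarantine dir."""
    tmp = Path(tempfile.mkdtemp())
    root, quarantine, strikes = tmp / "share", tmp / "quarantine", {}
    (root / "trash").mkdir(parents=True)
    (root / "trash" / "export.csv").write_text("name,card\nalice,4111 1111 1111 1111\n")
    (root / "notes.txt").write_text("ticket 1234 5678 9012 3456 is not a card\n")
    return scan(root, quarantine, strikes), scan(root, quarantine, strikes), quarantine
```

The first pass only notifies for the file in the trash folder; the second pass, finding it still there, moves it to quarantine, while the look-alike number that fails the Luhn check is never flagged.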