What is data loss prevention?

Business in this modern age is fraught with challenges and potential hazards, most of us are clearly aware of this.  However, there are also a great number of new opportunities and possibilities which have opened up in the last couple of decades, thanks to the influence of the IT sector, of course.  On the “hazard” side of the equation we have an issue like data loss prevention; which, as the value of data increases, becomes even more significant.

So, just what is data loss prevention anyway?  In a nutshell, DLP (also sometimes called data leak prevention, Content Monitoring and Filtering, or information loss prevention) is way of securing data so that it isn’t able to fall into the wrong hands.  The most obvious illustration of this would be found in examples from the corporate world, where the goal is prevent critical / sensitive data from being leaked to competitors or criminals.  However, data loss prevention isn’t always about creating controls to prevent the theft of information, it can also serve to help stop accidental disclosure of data.

The thing is, data loss prevention isn’t limited to any specific type of information; such systems are designed to avoid losing any type of data, whether it is private, public or corporate.  For instance, if we’re talking about something like hospital or financial records, then it’s in the best interests of the host company to avoid letting such information leak out for fear of lawsuits and/or loss of confidence in the institution itself.  Take credit card information, for example – if a business were to accidentally leak this type of customer information to the public it would likely set off a firestorm which might do irreversible damage to the company’s reputation.  

Similarly, DLP solutions are often set up around anything that might be deemed “intellectual property”.  For organizations which focus on and/or primarily supply digital products or services, data loss prevention is absolutely critical if that business wants to remain active in the long run.  In other sectors, the loss of data might simply mean that production will be set back; but this is also very dangerous because (as you well know) there are many factors involved in any manufacturing operation and lost time means lost profits.

As you might have already guessed, one of the best ways to implement a more sound approach to data loss prevention is for businesses to focus on training and/or certification for their IT workers in the subject.  There is no substitute for having experienced people on the “ground floor” of any DLP program.  Often times it’s the small things or details which make all the difference in the world when it comes to preventing information from leaking out, if you’ve got the right personnel (with the right training) at your side, you’ll find that it’s possible to rest much easier at night knowing that there is an effective solution in place.

Data Loss Prevention Methodologies

DLP comes in several “flavors” or categories, if you will.  First off, there are your standard security measures, like antivirus programs and firewalls.  Additionally, intrusion detection systems qualify as a standardized means of enacting data loss prevention.  In each case, the purpose of all three of these tools is to essentially prevent uninvited guests from getting inside your network and stealing data.

Next you have advanced security measures, which tend to be a bit more sophisticated.  For example, subversion can be employed with advanced methods, using “honeypots”, or elements which are isolated from the rest of the infrastructure and set up to appear vulnerable so that the actions of an intruder or virus can be analyzed is a popular technique falling into this category.  However, there are even more advanced forms of security measures which involve things like A.I., machine learning, and even various types of algorithms to constantly scan for abnormal behavior.  Even if these systems don’t immediately catch a would-be problem, they are often invaluable after-the-fact because they can provide crucial information about how an attack was carried out.

There’s also encryption and access control, which are great DLP-based solutions.  Naturally, if data is encrypted, it’s going to be much tougher (or in some cases, extremely impractical) for thieves to do anything useful with said information.  Also, if encryption is accompanied by some type of tracking initiative, then it’s often possible to locate would-be criminals before they’ve even had a chance to extract any value from said data.  Perhaps the single best way of ensuring that data remains protected at a basic level however is to enact access controls.  In essence, access controls are simply protocols which make sure that only certain individuals with clearance are able to view, copy or share certain types of information.  There are multiple ways in which this is carried out; for example, access control might incorporate- rule and regular expression matching, structured data fingerprinting, published lexicons, and/or statistical methods.  

Clearly, data loss prevention is something which should concern everyone in an organization, particularly management and IT.  Data has real intrinsic value, now more than ever, so it’s really in your company’s best interest to protect its critical information at all costs.   Moreover, if you really want to maintain your profits, continue growing and make a difference in your particular industry, consider adopting a wide and varied approach to DLP.

 qlikview bi