Data Loss Prevention Operations and its Best Implementation Practices

Data Loss Prevention

Data is a vital component of any organization, and every organization fears losing its critical or confidential data. That fear gave rise to the concept of “Data Loss Prevention” (DLP), and numerous DLP products have been designed to diagnose and prevent data leakage. Such products operate in a defined manner, as discussed below:

DLP Operations

For a security system to work properly, it is vital that the DLP product is properly monitored. For this to happen, the DLP product must be configured with the right policies on the identified sensitive data across three channels:

  1. Data in motion: at users' workstations
  2. Data at rest: at servers or databases
  3. Data in transit: on channels like HTTPS, FTP

DLP operations are, thereafter, categorized into the following three phases:

Triaging phase

After the policies have been set up for a DLP product, the security team monitors any alerts it issues. The monitoring team triages each event against conditions such as who leaked the data, what type of data was leaked, where the data was leaked, etc. The alert is then declared an incident, and processing of the incident starts with a risk profile. A text-based risk profile includes important incident information and the level of severity, ranging from low to high. After the risk profile is updated, the incident is assigned to the respective team.

Incident Reporting and Escalation phase

In this phase, the security team checks with the respective team whether the data loss is acceptable. If it is, the incident is declared a false positive and moves to the tuning phase. Otherwise, the security team escalates the incident to the respective team along with proof. The security team then closes and archives the incident.

Tuning phase

All false-positive incidents are passed to this phase. Here, the security team fine-tunes the policies to account for any changes or wrong configurations. The incident is then repeated to perform a check.
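An added example (not from the original article or any DLP product) of the tuning check described above: archived incidents are replayed through the original and the tuned policy to confirm that the false positive is gone and real data loss is still caught. The card-number policy, the incident records, and all function names are assumptions made for illustration; the card values are standard test numbers.

```python
import re

# Constructed incident archive: alert content plus the verdict from escalation.
INCIDENTS = [
    {"id": "INC-1", "content": "Card 4111 1111 1111 1111 exp 12/27", "verdict": "data_loss"},
    {"id": "INC-2", "content": "Shipment tracking 1234 5678 9012 3456", "verdict": "false_positive"},
    {"id": "INC-3", "content": "Pay with 5500-0000-0000-0004 today", "verdict": "data_loss"},
]

# 16 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){15}\d\b")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def policy_v1(content: str) -> bool:
    """Original policy: any 16-digit run is treated as a card number."""
    return bool(CANDIDATE.search(content))

def policy_v2(content: str) -> bool:
    """Tuned policy: a candidate must also pass the Luhn checksum."""
    return any(luhn_ok(re.sub(r"\D", "", m.group()))
               for m in CANDIDATE.finditer(content))

def replay(policy, incidents):
    """Re-run archived incidents through a policy and list regressions."""
    result = {"still_false_positive": [], "missed": []}
    for inc in incidents:
        fired = policy(inc["content"])
        if fired and inc["verdict"] == "false_positive":
            result["still_false_positive"].append(inc["id"])
        if not fired and inc["verdict"] == "data_loss":
            result["missed"].append(inc["id"])
    return result

if __name__ == "__main__":
    print("v1:", replay(policy_v1, INCIDENTS))
    print("v2:", replay(policy_v2, INCIDENTS))
```

A tuned policy is ready to deploy only when both lists come back empty; a non-empty `missed` list means the tuning suppressed a real leak along with the false positive.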

In DLP, there is no resolution phase, as a reported incident is already a data loss and is therefore escalated for action to be taken.

Best Practices For DLP Implementation

Here is a lowdown on the best practices to adopt for a successful “Data Loss Prevention” deployment:

  • Before deciding on a suitable DLP vendor, organizations must identify their business needs and the sensitive data to be protected.
  • It must also be checked that the product to be shortlisted is compatible with the format in which data is stored in the organization.
  • After a DLP product and vendor are shortlisted, implementation must start with a minimal base. This makes it possible to handle false positives on a smaller base first and then to handle sensitive or critical data on a larger base.
  • The operations team must be in a position to successfully identify false positives.
  • Fine-tuning of DLP policies is crucial for the successful working of the DLP product and should be done on a regular basis.
  • To draw out the duties around DLP policies, a RACI matrix should be set up.
  • Risk profiles must be kept up to date, and the various DLP incidents must be documented in detail.

Last word:

DLP, if implemented with stringent measures, is a boon for any organization in this digital data world.
