As enterprises expand, the amount of data they collect grows exponentially. From customer information and intellectual property to employee data and financial records, bigger companies accumulate the kind of highly sensitive information (PII, PCI, PHI and more) that attracts malicious outsiders and falls under the scope of data protection regulations the world over. This brings with it increasingly complex challenges that enterprises must address in the development of their data protection strategies.
To meet them, enterprises have a number of security products at their disposal. Among them, Data Loss Prevention (DLP) solutions address a number of issues that fall outside the scope of traditional data protection tools such as antivirus software and firewalls, which focus on outside threats. By protecting sensitive categories of data directly rather than the systems collecting and storing them, DLP tools give enterprises a way to identify, monitor and control the data they need to protect. Let’s take a closer look at the benefits DLP solutions can bring to enterprises’ cybersecurity frameworks.
Compliance with Data Protection Regulations
One of the biggest challenges enterprises face when it comes to data protection is regulatory compliance. The EU’s General Data Protection Regulation (GDPR) ushered in a new era in data protection legislation that grants new rights to data subjects and places the responsibility for data protection squarely on companies’ shoulders. While previous laws, most notably in specialized areas such as finance (e.g. PCI DSS) and health (e.g. HIPAA), imposed some data protection requirements on enterprises, GDPR was the first to make data protection by design and by default mandatory and impose hefty fines on anyone found to be non-compliant with it.
GDPR has since served as the blueprint for a number of similar, strict data protection regulations around the world, from the California Consumer Privacy Act to Brazil’s Lei Geral de Proteção de Dados (LGPD) and Thailand’s Personal Data Protection Act (PDPA).
Data transparency is a key element of any compliance effort. Enterprises must be aware of where sensitive data is stored, who has access to it and how it moves in and outside their networks. Enterprise DLP solutions help find, monitor and control sensitive information on company networks. By ensuring employees cannot transfer, copy or upload data such as Personally Identifiable Information, enterprises can reduce the chances of data exfiltration and data leakage.
Laws like the GDPR also grant data subjects the right to request that their data be deleted. This means that companies must remove every copy of that data from their systems. This can be done with DLP tools that can scan all network computers, find predefined data and delete it where it is found.
Addressing Human Errors
Most of the data breaches that make headlines are spectacular cyberattacks, but the truth is external threats account for only 51% of data breaches according to the 2019 Cost of a Data Breach Report released by the Ponemon Institute and IBM Security. The rest are due to human error and system glitches.
While employee training can reduce the number of incidents, it cannot completely eliminate the risk of internally caused security incidents. To err, after all, is human. Employees might be overworked, tired or preoccupied, which may reduce their alertness even if they are aware of the best security practices. One moment of carelessness is all that stands between an enterprise and a disastrous data breach.
Enterprise Data Loss Prevention solutions help enforce data protection policies by monitoring sensitive data in real-time and preventing end-users from sending it to recipients outside the organization, posting it online or using unauthorized third-party services to transfer or process it. By logging policy violation attempts, enterprises can also identify weak security links and address them through training.
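The outbound check described above, as an added example (not code from any DLP product): it blocks a message that carries Luhn-valid payment card numbers to recipients outside the organization and logs the attempt without recording the number itself. The domain `corp.example`, the function names and the sample message are assumptions constructed for illustration.

```python
import logging
import re

log = logging.getLogger("dlp")

# Assumption: the organization's own mail domain (hypothetical).
INTERNAL_DOMAINS = {"corp.example"}

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample message body (a well-known test card number).
SAMPLE_BODY = "Hi, please charge card 4111 1111 1111 1111 exp next year."


def luhn_ok(digits):
    """Luhn checksum: discards random digit runs such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the digit strings in text that look like valid card numbers."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def evaluate_outbound(sender, recipients, body):
    """Block card data leaving the organization; log the attempt for follow-up."""
    external = sorted(r for r in recipients
                      if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS)
    cards = find_card_numbers(body)
    action = "block" if external and cards else "allow"
    if action == "block":
        # Log the count only, so the violation log never stores the card number.
        log.warning("policy violation: sender=%s external=%s card_numbers=%d",
                    sender, external, len(cards))
    return {"action": action, "external": external, "matches": len(cards)}
```
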
Protecting Intellectual Property
When it comes to data security, most of the discussions surround personal information and the special categories of data protected through various regulations. However, there is a third category of sensitive data enterprises need to protect: intellectual property. Whether it’s proprietary code, video or audio files being produced or edited or documents under embargo, the leaking of these types of data can negatively impact the reputation and financial gains of an enterprise.
DLP technologies are not limited to the protection of personal information as regulated through data protection legislation. They also allow companies to define their own categories of protected data based on their specific industry needs. Some tools even provide predefined profiles for existing intellectual property data such as code or audio and video files.
Securing Data on the Move
A frequent blind spot of data protection strategies is data in motion. Portable devices have made it very easy for employees to take company information out of the office whether to work remotely, join industry events or attend meetings with clients. Cybersecurity frameworks tend to focus on the company network and while this means that data is secure while employees are on the premises, the moment they leave the security of the office with their work devices, that data becomes vulnerable.
DLP solutions, when applied on the endpoint, can ensure the same level of protection for data whether the computer is in the office or outside it. The same policies that apply when a device is connected to the company network will apply when it is connected to a public or secure WiFi connection. In this way, employees will not be tempted to bypass security procedures and data will continue to be monitored and controlled.
Limiting Portable Devices
Most information protection strategies address internet-based threats such as external attacks or internal attempts to transfer data outside the company network, but often ignore an easy way to infect computers or to steal or transfer information: portable devices. USBs, in particular, have become a weapon of choice in the arsenal of cybercriminals, and the ease with which employees can misplace them represents a constant worry for many companies.
DLP tools allow enterprises to block the use of USB and peripheral ports altogether or limit their use to trusted devices. These can be company-issued portable devices or USBs that use encryption software to ensure that any data copied onto them is automatically encrypted.