April 3, 2020

Data Loss Prevention- A Foundation to Your Data Security Framework

The rising popularity of Bring Your Own Device (BYOD) has enabled corporate employees to work remotely. Along with the ease of working outside the office, comes security issues that may expose a company’s critical data. Headquartered in the Netherlands, a multinational pharmaceutical company also faced a similar challenge. It was tasked with monitoring the data activities of employees working remotely. The company deployed a DLP solution to prevent illegal data leaks through emails, dropbox, and removable media. The deployment mitigated the risk of data loss by blocking and restricting sensitive data from all unauthorized endpoints, emails and removable devices.

An effective data loss prevention system is imperative for all data-centric enterprises to actively identify malicious activities before they turn into full-blown data breaches.  

What is Data Loss Prevention (DLP)?

DLP is a process that ensures that your sensitive information is not lost, compromised or misused due to access by unauthorized users. An efficient process discovers, secures and monitors sensitive information through in-depth data analysis.

Equifax was fined a whopping $700 million by the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau, in 2017, following a massive data breach. Equifax’s failure to secure its systems compromised the personal information of more than 143 million individuals in the U.S alone. This alarming data breach is one among a handful that surface frequently in today’s data-centric environment.

Other than securing sensitive data, an effective DLP system also accelerates enterprise compliance with the evolving privacy laws around the globe such as HIPAA, GDPR, CCPA, etc. It promptly alerts the user upon policy violations and bridges the sensitive data protection gap in an enterprise.  

Why does your enterprise need an effective DLP framework?

A variety of enterprise data sources can contain sensitive information. Physical and cloud servers, mobile phones, drives, and more such databases store sensitive data that may be vulnerable to breach, destruction, etc.

The volume of data ingested grows in proportion with the enterprise’s growth. This calls for critical and sensitive data to be protected and prevented against loss. Below are other important factors that necessitate an effective data loss prevention strategy-

-Provides sensitive data visibility-

Locating sensitive data from a vast sea of structured and unstructured databases is crucial for an effective enterprise data security framework. It is not uncommon for enterprises to be unaware of what data and data types are ingested and where they are stored.

Does your enterprise store data in a variety of types, formats, and locations? Do you need to regularly track and analyze them? Do you need to establish different user roles within your organization to define who has access to what information? A comprehensive enterprise DLP framework is the one-stop solution for all your data-centric needs.

-Blocks Internal and external data threats-

A Snapchat employee in 2016 shared over 700 employees’ personal information with a man pretending to be the company’s CEO. This calls for establishing checkpoints within the organization to monitor human vulnerabilities that impact the safety of corporate data.

This incident highlights the fact that data loss needn’t always result from external attacks. A variety of employee behaviors can also sabotage a company’s data. From disgruntled employees looking to get back at their companies to unintended employee errors, countless activities can compromise your enterprise’s data.

An efficient DLP framework can help combat such situations by detecting and preventing sensitive information from leaving the company’s network. It can also restrict sensitive data transfers from an enterprise’s database to removable media such as Compact Disks and USBs.

The infamous 2019 Capital One data breach compromised almost 100 million individuals’ personal data because of an external malicious data hack. This could have been avoided with an active DLP system in place.

-Prevents accidental data breach-

Internal and external data threats aside, accidental data breach also has its own place in compromising your enterprise’s treasured sensitive information. An accidental data leak in 2016 by the city of Calgary, Alberta, compromised the confidential injury claims of over 3700 employees. An employee working with that information sought technical assistance from a different Alberta municipality employee which resulted in the breach.

A DLP system could encrypt such sensitive information and prevent the data transfer thus avoiding the possibility of data compromise.

-Restricts data loss via BYOD-

Apart from company-issued devices in the workplace, most employees bring their internet-enabled devices like smartphones and tablets to their organizations. These BYODs carry the potential to introduce security risks to an organization. DLP can monitor/restrict data transfer to such devices and prevent the risk of data loss brought upon by them.

-Control entry of sensitive information into your Cloud environment-

Given the ease of access and storage that cloud presents, most organizations have migrated their data to the cloud. Although, using cloud often means giving up a certain degree of security as the vendor may have access to your data. DLP can discover and encrypt or mask your sensitive information base before it enters your cloud environment. This keeps the data from being tampered or leaked.

-Avoids negative reputation-

Today’s economy counts data as a valuable currency. Organizations that protect their data from compromise, breach, and unauthorized access gain a higher reputation in the eyes of their customers. A single incidence of data breach can take a toll on an organization’s credibility and inevitably result in huge financial losses.

-Provides personal data protection and data compliance-

If your enterprise stores customers’ personal information like credit card numbers, health records, etc. you need an effective DLP solution. Such critical information can also warrant compliance with local/national/international data regulations like HIPAA, CCPA, GDPR, PDP bill, etc. An effective DLP framework helps your organization discover, classify and secure sensitive data, and also prepares you for data compliance audits.

What should you look for in a DLP solution?

  1. DLP Architecture

A comprehensive DLP product such as Kogni is fueled by Spark to facilitate exceptional speed and scalability for your organization’s unique needs. Our sensitive data security product discovers critical information from a number of data sources and integrates with various monitoring tools.

Our simple architecture makes it easy to deploy Kogni into your organization’s security framework and delivers faster time to value. Kogni’s features include-

  1. Should cover a wide range of data types, sources, and formats-

Kogni scans through all available data formats to identify sensitive data. It sifts through structured, semi-structured and unstructured data formats. It also examines cloud and on-premise data to locate critical information specific to your organization. Our predefined data sources include S3 bucket, MySQL, MongoDB, Google Drive, and many more.

2.  Should be able to Classify sensitive data as per User-defined Classifiers-

Kogni’s user-defined classifier allows you to edit and add new sensitive data types that are unique to your enterprise. Our carefully architected classification algorithm uses proprietary context-driven AI and Machine Learning algorithms to enable the accuracy of data discovery. Our predefined data types include Credit card, Date of Birth, IBAN, Zip code, City, URL, Age, Phone, Country, Date, and over 128 other unique sensitive data patterns

3. Should generate a comprehensive dashboard that defines the sensitive data landscape-

Kogni’s comprehensive sensitive data dashboard provides an overview of the distribution of sensitive information across your enterprise’s data sources and types. ‘Explore’ is our one of a kind feature that lets you perform an individual inspection of the number and types of sensitive information that any data source may contain.

4. Should accurately detect anomalies on an enterprise-wide scale and notify users

Kogni’s industry-leading Anomaly Detection analyzes audit events to study normal access patterns in order to detect unusual access patterns.

An audit event is an AI-driven model, which is generated every time a piece of sensitive information is misused. It also captures when and where that information was accessed. This audit event stream, when fed into the Anomaly Detection Engine, detects and alerts upon anomalies such as

  • Sensitive data access request at an unusual time
  • An unusually high amount of sensitive data access requests
  • Sensitive data access request from an unusual geolocation
  • A user's sensitive data access pattern is unusually different from their peers' in similar roles, and many more

Other special features include:

-a notification window that alerts users about important messages

-an inspection coverage tab that updates the extent of completion of the data scan

-a section that summarises the sensitive information categories

How can you pick an effective DLP solution?

The cybersecurity industry presents a wide selection of DLP solutions to combat the long list of data breaches that continue to scare organizations. Making a list of all the parameters that one should consider before choosing a DLP solution can be overwhelming. Below is a checklist that can help you out-

  • Split your enterprise into content creators and content protectors. Content owners are the departments that hold and use sensitive information. Content Protectors are tasked with the responsibility of enforcing controls over the enterprise’s critical data. They include departments like HR, IT, Compliance, Legal and Risk Management.
  • Now make a list of all the data that you want the DLP solution to act on. Arrange them based on their priority. Consider data buckets like Personally Identifiable Information (PII), Intellectual Property (IP), corporate financial data, etc. This will give you an initial, albeit incomplete visibility into the amount of sensitive information that your organization holds.
  • Decide which channels, data stores and endpoints you want the DLP to cover. Determine if you just want your email channel secured or are looking for a more comprehensive data loss prevention strategy. Also, determine if you want your data at rest or data in use monitored and secured.
  • The next step is to determine your expectations around the safety features you require in the DLP solution. Do you want the solution to just monitor and alert upon a violation or discovery of a new sensitive database? Do you want it to automatically encrypt the identified sensitive information? It is recommended that you consider your organization’s changing needs before you answer these questions.
  • The final step is to prepare your organization. Perform the following activities-

-Map out which business unit gets to do what. Assign unique functions to each unit.

-Ask these questions-

     -Which department should raise a request for the protection of data?

     -Which department should create new data protection policies and guidelines?

-Chalk out a workflow for when a specific regulation/policy is violated and ways to fix it.

-Determine who or which department needs to be notified when.

Answering these questions will lead you to a suitable DLP solution for your enterprise.

Kogni can help automate the entire identification, classification and protection through its well-defined enterprise templates. Kogni’s prebuilt and customizable workflows enables easy configuration of entire governance process as described above
Kogni, a world-class sensitive data security product, helps enterprises move beyond perimeter security and enables them to focus on data-centric security. Kogni discovers, secures, and monitors sensitive data at rest in enterprise data sources. Kogni’s approach to data security reduces the impact of a data breach. It assists enterprises to comply with regulations and also enables data governance initiatives by monitoring for policy violations.