Data Loss Prevention (DLP) systems have proven to be highly effective in safeguarding companies’ valuable data from leaks. They earned a spot in the information security ecosystem due to extensive automation, the use of machine learning, and a significant reduction of server load.
Enterprise security departments need to implement comprehensive measures for organizing employees’ work with sensitive information. The accelerating digitalization of various routine processes, the shift toward remote work, and the increasing number of communication channels – all these create different attack vectors for intruders who seek to gain unauthorized access to business-critical company data.
What tasks can modern DLP systems accomplish besides averting leaks? What are the nuances of integrating them with today’s cybersecurity processes? What should you expect from vendors and the evolution of DLP products in terms of mitigating customer risks? This article will dot the i’s and cross the t’s.
DLP evolution stages
Let’s start with a brief retrospective. DLP is a mature product with about 20 years of track record in the security market. The need for such solutions emerged when banks and major corporations started accumulating sensitive customer data that gradually began to leak into the public domain.
Governmental scrutiny was the next evolutionary step, giving rise to ad hoc legislation, and later to international standards. For example, in the financial sector, it is the Payment Card Industry Data Security Standard (PCI DSS); in the healthcare area – the Health Insurance Portability and Accountability Act (HIPAA), etc.
Strengthening the protection against fraud within corporations was the third step in DLP evolution, where the role of these systems is to surveil employee communications and block suspicious activities. As a result, interest from businesses has grown dramatically in recent years. There have always been and will always be unscrupulous people looking for company assets that can be monetized.
DLP systems are primarily geared toward solving the following problems encountered by organizations:
- Intentional leaks – malicious actions of insiders.
- Unintentional leaks – these stem from staff members’ slip-ups. When a DLP is being deployed, employees learn and understand how to handle information, which reduces risks for the company.
- Compliance – ensuring that security standards are met when dealing with sensitive data.
- Protection against external threats – ransomware is a prime example of such peril; moreover, cyber extortionists are increasingly stealing data in addition to encrypting it.
Recent impactful data breaches
Data leaks happen all the time. Government agencies, international organizations, banks, online services, and other high-profile companies are on the receiving end of these attacks. The following examples will help you grasp the scale of the problem:
- Uber: the names, addresses, and phone numbers of 50 million customers and 7 million drivers were stolen and published on publicly available resources.
- Facebook: personal data of a whopping 533 million users ended up on a hacking forum.
- Marriott hotel chain: more than 5 million customer databases were stolen.
According to the findings of Risk Based Security, 1,767 data breaches were reported globally in the first half of 2021, spilling more than 18 billion records into the wild.
How feasible is leak prevention in general?
It is important to understand what exactly DLP protects. It isn’t a silver bullet, as security is always a complex process. DLP works wonders for securing digital communication channels, tracking user actions on workstations, and controlling file storage locations. However, it won’t help if someone puts a hard drive in their pocket and walks away with it.
Building a company’s leak protection strategy is possible if you combine several factors in the context of DLP:
- Information security – controlling all events and transactions that involve sensitive data.
- Economic security – investigating specific incidents.
- Human resources security – DLP systems can draw conclusions by analyzing the actions of an employee.
Whereas modern DLP systems provide a decent level of protection against leaks, they are not enough to forestall breaches. Data-related processes and procedures within the company may need an overhaul as well.
Who is responsible for managing a DLP system?
In most cases, the information security or economic security department is in charge. Businesses know the true cost of security breaches and are increasingly turning to vendors. Many large organizations, especially those in the banking sector, are using these systems nowadays. Effective prevention requires, on the one hand, the maturity of a company’s InfoSec workflows, and on the other hand, the technological sophistication of the DLP solution itself.
DLP deployment peculiarities
As a rule, DLP installation points are as follows:
- Agents: network agents (servers, gateways) and host agents.
- Cloud services.
It doesn’t matter whether the customer’s infrastructure is hosted in the cloud or on-premises. Either way, the protection of communication channels will be concentrated at the core of the network. This is more of a technological issue, and it all depends on the company’s goals and security priorities. When a DLP system identifies an unsecured file in the cloud, it blocks access to such an object and notifies the security team. This helps avoid the disruption of business processes.
It is important to use DLP sensitivity labels as a supporting tool. To do this, you need to define policies per category (content, groups, etc.) and then use the tool’s interface to tag the files that should be protected. However, these labels have a drawback: they are often not inherited and may get lost when a file is moved to another location.
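The following Python sketch is an added example, not code from the article or any DLP product. It shows the drawback described above with a tiny label store: a label keyed by file path is lost when the file is moved, whereas a label keyed by a content hash survives the move. The file names, the constructed test card number and the label names PCI/PUBLIC are assumptions made for the example.

```python
import hashlib, os, re, shutil, tempfile

def luhn_ok(digits: str) -> bool:
    """Luhn check so a 16-digit run is labelled PCI only if it is a plausible PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

PAN_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")   # 16 digits, optional spaces/dashes

def classify(data: bytes) -> str:
    """Content-based classifier: hypothetical label names PCI / PUBLIC."""
    text = data.decode("utf-8", errors="ignore")
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return "PCI"
    return "PUBLIC"

def content_id(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class LabelStore:
    """Keeps the same label under two keys so the two behaviours can be compared."""
    def __init__(self):
        self.by_path, self.by_hash = {}, {}
    def tag(self, path: str) -> str:
        with open(path, "rb") as f:
            label = classify(f.read())
        self.by_path[path] = label
        self.by_hash[content_id(path)] = label
        return label
    def lookup_by_path(self, path: str):      # None after a move: the label is "lost"
        return self.by_path.get(path)
    def lookup_by_content(self, path: str):   # unchanged content, unchanged label
        return self.by_hash.get(content_id(path))

def demo() -> dict:
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "cardholders.csv")
    with open(src, "w") as f:                 # constructed sample with a test PAN
        f.write("name,pan\nA. Example,4111 1111 1111 1111\n")
    store = LabelStore()
    label = store.tag(src)
    dst = os.path.join(tmp, "archive", "cardholders.csv")
    os.makedirs(os.path.dirname(dst))
    shutil.move(src, dst)                     # the "move to another location"
    result = {"label": label, "path_lookup": store.lookup_by_path(dst),
              "content_lookup": store.lookup_by_content(dst)}
    shutil.rmtree(tmp)
    return result
```

A real product would persist the hash-keyed mapping (or embed the label in the file itself) rather than hold it in memory; the point is only that path-bound labels do not follow the data.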
New DLP features in 2021
It is worth singling out the following innovative features and capabilities of present-day DLP systems:
- Aggregating passwords for accessing corporate resources (a weak password is a serious vulnerability).
- Web isolation technology that applies to users exhibiting suspicious activity.
- Cloud Access Security Broker (CASB) functionality.
- Building a unified DLP system of geographically distributed installations.
- Staff control – supervising user productivity.
- Screen capture protection technology.
- User reputation filters.
- Automatic detection of graphical “fingerprints” (CEO’s signature, company seal, etc.).
Experts believe that DLP solutions will gradually absorb many CASB features. Vendors are also increasingly leveraging machine learning to increase processing speed and reduce workload. Another trend comes down to strengthening User Behavior Analytics (UBA) modules to predict and prevent leaks.
As part of the containerization trend, orchestration environments and the repositories that host them need to be monitored. As for multi-language support, it is widely available both in the interface and in the program code (working with tags, labels, names, etc.).
How to choose a DLP system?
First and foremost, the customer needs to understand what problems they want to solve with DLP. A vendor can point the company in the right direction. This is a matter of close interaction, where an appropriate level of expertise on both sides is important.
In general, here is a checklist of the criteria that will help you choose a DLP solution that will meet your expectations:
- Channels – the communication channels that need to be secured.
- Deployment and distribution – the complexity of implementing the solution.
- Pre-configured templates – sets of available policies, rules, and scripts.
- Availability of a classifier.
- Interaction with the vendor (dialogue, support, training, etc.).
- Fault tolerance, resources, and performance – hardware and software requirements, and how the system behaves under load.
- Automation of self-support and follow-up tasks.
- Pilot project – before making up your mind, implement a trial version of the tool, play around with its features, and generally immerse yourself in the product as much as possible.
DLP trends and forecasts
Digitalization spawns massive amounts of valuable data, leads to more significant consolidation of this information, and thus entails higher risks. Wherever this data travels, it needs to be protected. One of the key challenges for DLP systems is the automation and deep integration with business processes.
The merging of DLP and CASB is another trend – these are currently separate solutions. On the other hand, CASB is also gradually acquiring DLP functions. The convergence of cloud and local solutions will take shape, too.
Experts believe that the next evolutionary step is the transformation of DLP into a system that protects against a wider range of threats. We are close to something more ambitious that will pave the way for the further evolution of corporate defenses.
Can DLP systems help imprison insiders for causing data breaches?
DLP wouldn’t have existed for so many years if it didn’t block leaks. It also helps with investigations whose results can be used as evidence in court. Also, to put a fraudster in jail, you need proof of material damage, and DLP inherently prevents that damage.
How quickly are DLP updates released when a new operating system or browser version goes live?
A firmly established product should be resilient in terms of these updates. Many vendors stick with a principle known as “same-day support,” rolling out a new version the day updates are installed across the customer’s digital infrastructure.
What are the recommendations for legitimate use of collected DLP data to reward or penalize employees?
Although the question is quite relevant, these practices are not regulated in any way. The most important thing is for an employee to understand that all information they possess belongs to the company. Also, DLP monitors only a person’s activity in the workplace and nothing more.
DLP has evolved into a powerful instrument that addresses risks associated with data leaks. However, it is an element of a larger whole rather than a plug-and-play protection system. Leak prevention is a complex of measures that includes proper data management hygiene inside a company and well-coordinated functioning of different departments. It is important to identify malicious insiders as early as possible. HR and security departments should run background checks and use other instruments like lie detectors.
The important areas of DLP progress at this point are automation, deep integration with information security processes and cloud services, CASB functionality support, and enhancement of machine learning modules to predict threats, speed up overall product operation, and reduce hardware load.