Information is a precious commodity. Many institutions, regardless of their size, hold information that is of interest to other people, and those people may be willing to pay large sums of money for it or even commit serious crimes to get it.
Unauthorized access to information can be obtained in many ways. Attackers constantly seek to exploit the vulnerabilities of information assets, but there are also users who, once they have been authorized to access a specific information asset, may have unrestricted access to it and can copy and steal it through removable storage media, email, Dropbox and other channels.
This means it is necessary to put in place controls that allow a user who has been authorized to access the information to handle it only in the ways permitted by the information asset's classification. This is known as Data Loss Prevention (DLP). We can use the classic criteria to classify information, Confidentiality, Integrity and Availability, and can also add other important ones such as Traceability and Non-repudiation. Traceability is the property of information that makes it possible to determine, at all times, which operations have been performed on it, and Non-repudiation is the property that ensures a transaction was performed by the person to whom the user ID belongs and by nobody else. Depending on the classification on each of these variables, the operations allowed on the information asset can be defined: read only, e-mail transmission, copy to a shared resource, among many others.
Data Loss Prevention (DLP) software allows monitoring of the following:
- Data in motion: where a network security perimeter is in place, the DLP device is placed just before traffic reaches the firewall, so that it monitors incoming and outgoing traffic and identifies which users are violating information security rules by transmitting information assets without authorization.
- Data at rest: information assets are stored on servers located inside data centers. DLP software can be installed on those servers to discover sensitive information stored in insecure locations, such as open Windows shares and unencrypted storage devices.
- Data in use: DLP software can be installed on endpoint devices to control the transmission of information assets through channels such as instant messaging, desktop e-mail clients and web transmissions.
DLP implementations are very challenging because of information identification. If information is not correctly identified, false positives arise, and they can be very painful because they can stop the flow of information inside the whole company. That is why several accuracy tests should be performed against the information asset classification, and the problems found should be resolved, before deploying.
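The classification-to-operations mapping described earlier and the accuracy testing this paragraph calls for, shown together as an added example (this is not code from the article or from any DLP product): a toy content-inspection rule set in Python. It assumes an explicit `CLASSIFICATION:` label convention, a payment-card number rule evaluated with and without a Luhn checksum, an example policy table mapping each level to the operations it permits, and a small constructed corpus with reviewer-assigned levels. The functions `classify`, `allowed` and `evaluate`, the `POLICY` table and every sample document are invented for this example.

```python
"""Toy content-inspection DLP rule set with an accuracy harness.

Added example, not code from the article or any DLP product. It assumes two
detection rules (an explicit "CLASSIFICATION:" label and a payment-card
number pattern) and a constructed sample corpus.
"""
import re
from typing import Callable, Dict, List, Set, Tuple

# Sensitivity levels, least to most restrictive.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL"]

# Assumed example policy: the more sensitive the asset, the fewer channels
# through which it may leave the company (read only at the top level).
POLICY: Dict[str, Set[str]] = {
    "PUBLIC": {"read", "email", "share_copy", "usb_copy"},
    "INTERNAL": {"read", "email", "share_copy"},
    "CONFIDENTIAL": {"read"},
}

# Rule 1: an explicit label written into the document (assumed convention).
LABEL_RE = re.compile(r"\bCLASSIFICATION:\s*(PUBLIC|INTERNAL|CONFIDENTIAL)\b")
# Rule 2: 13 to 16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")


def luhn_ok(candidate: str) -> bool:
    """True if the digits in candidate satisfy the Luhn checksum."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _higher(a: str, b: str) -> str:
    return a if LEVELS.index(a) >= LEVELS.index(b) else b


def classify(text: str, require_luhn: bool) -> str:
    """Highest level triggered by any rule.

    require_luhn=False flags every card-shaped digit run; require_luhn=True
    keeps only runs with a valid checksum, which drops most order numbers
    and similar look-alikes (the false positives the text warns about).
    """
    level = "PUBLIC"
    m = LABEL_RE.search(text)
    if m:
        level = m.group(1)
    for cand in CARD_RE.findall(text):
        if not require_luhn or luhn_ok(cand):
            level = _higher(level, "CONFIDENTIAL")
            break
    return level


def classify_naive(text: str) -> str:
    return classify(text, require_luhn=False)


def classify_strict(text: str) -> str:
    return classify(text, require_luhn=True)


def allowed(level: str, operation: str) -> bool:
    """Is this operation permitted for an asset at this level?"""
    return operation in POLICY[level]


# Constructed sample corpus with the level a human reviewer assigned.
# 4111 1111 1111 1111 is a widely published test card number.
SAMPLES: List[Tuple[str, str]] = [
    ("CLASSIFICATION: PUBLIC\nPress release: new office opens in May.", "PUBLIC"),
    ("CLASSIFICATION: INTERNAL\nQ3 headcount plan, do not forward outside.", "INTERNAL"),
    ("CLASSIFICATION: CONFIDENTIAL\nMerger term sheet, board eyes only.", "CONFIDENTIAL"),
    ("Refund approved for card 4111 1111 1111 1111, customer notified.", "CONFIDENTIAL"),
    ("Purchase order 1234 5678 9012 3456 shipped via ground freight.", "PUBLIC"),
    ("Call the help desk on 555-0100 for password resets.", "PUBLIC"),
]


def evaluate(classifier: Callable[[str], str],
             samples: List[Tuple[str, str]]) -> Dict[str, float]:
    """Confusion counts for the CONFIDENTIAL level, the one that blocks channels."""
    tp = fp = fn = tn = 0
    for text, truth in samples:
        predicted = classifier(text) == "CONFIDENTIAL"
        actual = truth == "CONFIDENTIAL"
        if predicted and actual:
            tp += 1
        elif predicted:
            fp += 1
        elif actual:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


if __name__ == "__main__":
    for name, clf in (("naive", classify_naive), ("strict", classify_strict)):
        print(name, evaluate(clf, SAMPLES))
    for text, _ in SAMPLES:
        lvl = classify_strict(text)
        print(lvl, "email allowed:", allowed(lvl, "email"), "|", text.splitlines()[0][:40])
```

Run as a script, the naive rule flags the purchase-order line as confidential (one false positive, which in a live deployment would have blocked that e-mail), while the checksum-aware rule keeps recall at 1.0 with no false positives. The same harness, fed a company's own classified assets, is the kind of accuracy test the paragraph recommends before the controls go live.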
Please keep in mind that business needs come first and must be satisfied. One cannot implement controls that make the company's operation slow and painful.
