Perimeter 4 min read - August 26, 2020

Data Loss Prevention – DLP, Best Practices

Broom sweeping binary numbers, simulating data loss prevention


Preserving the integrity and confidentiality of information is a constant challenge for businesses, and one that has grown alarmingly in recent years. Integrity ensures that data is preserved, while confidentiality guarantees that data remains private to authorized persons or institutions.

The challenge of ensuring the integrity of information over time, whether stored or in transit, has led the market to specialize in creating tools to minimize information leakage. This is not yet a reality for every business, but more and more companies have developed digital guidelines to protect their information.

There are a number of technologies for minimizing security incidents, and one of the most widely applied and recommended approaches is defense in depth: adding layers of protection around information.

Among the technologies that have gained ground over time is Data Loss Prevention – DLP, which is nothing more than a set of technologies that act directly to prevent the leakage or loss of a company's information. It is a broad concept, and its applications can be very specific to the needs of each business and to what it wishes to protect.

In this post we therefore take a broad look at the good practices involved, for companies that are starting to learn about the subject, helping to build knowledge up to the point where a solution is implemented.

The several types of data

Before discussing Data Loss Prevention – DLP specifically, it is strongly recommended that you understand the various types of data, so that you can determine the type of solution best suited to each need.

In general, the literature describes three types, which relate not only to storage but also to how data is represented and accessed over time. The first is *data in use*: data that is frequently used on servers, laptops, etc., and is linked to the recurring activities of employees.

The second type is *data in transit or in motion*, which travels over computer networks. In this case, Data Loss Prevention – DLP solutions must be able to interpret events at the network level, classify them and execute actions according to the policy implemented in the company.

The third type is data stored in databases or file servers, which the specialized literature refers to as *data at rest*.

Most importantly, the different data types require different strategies, and often different solutions, to ensure compliance. For data in use, it is necessary to prevent circumvention by copying to external media and the like. For data in transit, DLP must be able to analyze network events online, and for data at rest, the solution must be able to monitor sensitive data points that should not be accessed, copied, or changed.

Data Loss Prevention in the identification and classification of sensitive data

It is impossible to create an information protection policy without knowing the types of data that exist in the company and classifying them by privacy criterion, risk, storage location (if any), and any other attributes needed to distinguish one piece of information from another.

Because of this, before thinking about a Data Loss Prevention – DLP solution, you need to do your homework on the items addressed in this article in order to purchase a product that actually meets the needs of your business. Implementing Data Loss Prevention – DLP without having the data properly classified and without knowing what you want to do will naturally cause a huge number of false positives, which can impede the monitoring and protection of the infrastructure, as well as the work routine itself.

Many solutions make this classification easier by scanning data and creating indexes that allow you to sort files and other electronic representations of data. If that is not possible, at least create a minimal organization of what you want to protect.

A useful addition to the classification is a field that identifies who owns, or is responsible for, that information, file, folder, database, etc. This makes it easier to define in DLP policies who should be notified in case of non-compliance, decentralizing first-level control away from the security or information technology department.

Define policies and monitoring

Each data type, risk presented and storage or presentation format is likely to need a different control policy. Because of this, first define the policies according to the technical capabilities of the solution.

Policies are nothing more than a set of rules that determine the expected behavior of a piece of data or information. When any movement deviates from normal, whether performed by the user or by the direct intervention of some software, the planned actions are taken.

The simpler the policies are while still reflecting the business need, the more easily the environment will be managed. It is always advisable to start with monitoring actions, so that there is an adaptation period in which to understand how the rules interact with the environment. Over time, as the policies mature, actions can be changed gradually so that they not only monitor but also block in case of non-compliance.

If your company decides to deploy a Data Loss Prevention – DLP solution, preferably start in monitor mode. This will considerably reduce the impact on users and the organization, while allowing you to test the policies that have been deployed. Verify which policies are the most used and which are the most breached, and make the necessary adjustments so that they run 100% in accordance with the business need.
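
The monitor-first rollout, owner notification and per-policy review described above can be sketched as a small policy evaluator. This is an added example, not code from the original post or from any DLP product; the policy names, owner addresses, events and the checksum-based card detector are constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Checksum test: rejects arbitrary digit runs, cutting false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)   # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_card_number(text: str) -> bool:
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

@dataclass
class Policy:
    name: str
    state: str                       # "in_use", "in_transit" or "at_rest"
    detector: Callable[[str], bool]
    owner: str                       # data owner notified on a hit
    mode: str = "monitor"            # "monitor" (alert only) or "block"

def evaluate(policies, events):
    """Return (decisions, hits): one decision per event, hit count per policy."""
    hits, decisions = Counter(), []
    for ev in events:
        action, notify = "allow", []
        for p in policies:
            if p.state == ev["state"] and p.detector(ev["content"]):
                hits[p.name] += 1
                notify.append(p.owner)
                action = "block" if p.mode == "block" or action == "block" else "alert"
        decisions.append({"id": ev["id"], "action": action, "notify": notify})
    return decisions, hits

# Constructed policies and events (names and addresses are hypothetical).
POLICIES = [
    Policy("card-in-email", "in_transit", has_card_number, "finance-owner@example.test"),
    Policy("label-to-usb", "in_use", lambda t: "CONFIDENTIAL" in t, "hr@example.test", "block"),
]
EVENTS = [
    {"id": 1, "state": "in_transit", "content": "Card 4111 1111 1111 1111 attached"},
    {"id": 2, "state": "in_transit", "content": "Tracking no. 1234567890123456"},
    {"id": 3, "state": "in_use", "content": "CONFIDENTIAL - payroll August 2020"},
]
```

Calling `evaluate(POLICIES, EVENTS)` returns the per-event decisions and the hit counter used to review which policies fire most; switching a policy's `mode` from `"monitor"` to `"block"` is the gradual promotion step.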

Educating or training users

The human side is always a delicate point in any change, so it is extremely important that users receive adequate training for the change, except in cases where the solution is being deployed transparently to identify potential problems already occurring in the institution.

It is important that human resources is properly involved in this process to establish the rights and duties of employees with regard to the data, and what actions will be taken in case of violation of the policies created. Many companies, especially the smaller ones, end up ignoring this highly important step.

It is important to put in context that Data Loss Prevention – DLP solutions are not only about guaranteeing security against information leakage. In fact, they are great allies of employees and should be understood as a complementary tool for their own safety within the corporate environment.

Because of this, it is useful for a Data Loss Prevention – DLP strategy, when combined with an endpoint solution, to inform the user of non-compliance and allow them to correct it and continue with the operation. This is an important way to educate users and bring them to the proper use and purpose of the solution.

The universe of Data Loss Prevention – DLP solutions is extremely broad, so before you even think about a solution, check whether your business is properly structured according to the basic lessons in this document and, if so, take the next steps to make a comparative analysis of the solutions based on the need identified.
