
How to Secure Data With a Data Loss Prevention Plan

February 21, 2018 by Graeme Messina

Data loss prevention has become increasingly important over the past few decades. Information systems that contain confidential, private and proprietary data are vulnerable on many fronts. Data loss prevention (DLP) can be thought of as a preventative measure aimed at stopping data leakage.

Gone are the days when physically carrying copies of data off the premises was the only effective means of stealing information from an organization. The Internet is now a highly effective channel through which data is siphoned out of modern organizations. We will look at some of the most basic concepts of DLP and at how you can prepare your organization against this threat.


What Is Data Loss Prevention?

DLP is an implemented plan that ensures critical data is not stolen, lost or corrupted. It generally relies on limiting access to confidential data through policy and through software that enforces that policy. These policies define the safe-handling best practices within your organization and lay out the security requirements your staff must follow when handling confidential data.

DLP can therefore be seen as a policy-enforcement mechanism that uses a multitude of tools to achieve data security within your company. These solutions must work in tandem with your existing IT infrastructure, your current data usage policies and your business needs. The filtering, encryption and handling of this data must be done quickly and accurately, without negatively affecting business operations.

What Techniques Are Commonly Used for Data Loss Prevention?

The most common techniques are:

  • Encryption
  • Cryptographic hashing
  • Encoding
  • Data fingerprinting (read, hash and store)

The DLP solution stores no copy of the sensitive data itself, only fingerprint hashes derived from it. This allows the DLP policy to compare data being sent out against the stored fingerprints, and a match triggers the response the policy prescribes.

Data Classification Policy

You will need to establish what data is sensitive, what data is classified and what data is safe for public consumption. You will also need to define what acceptable use of that information is and what constitutes a breach of the policy. Based on these policies, users will find that when sending emails, copying data or transmitting information they will be blocked or asked to justify their actions; otherwise, that data will be encrypted and rendered unreadable to the recipient.

An example of this policy when applied to email is as follows: the DLP scans emails, looking for specific fingerprints to run against the stored triggers that are set out in the policy. This allows remediative action to take place once a DLP event has been detected.

Examples of these actions are:

  • Block the email altogether.
  • Allow the message to go, but inform management and/or IT.
  • Quarantine the email and send a bounce-back message telling the user not to send this type of information out in future; then review the email and decide whether it can be released. If it cannot, remediative action can be taken.

In cases where certain employees are allowed to send out confidential information, auditing tools must be in place to check what has been sent for specific periods of time so that data security is managed and reviewed.
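As an added illustration of the fingerprinting approach described earlier, the three email actions listed above and the audit requirement for cleared senders (example code written for this article, not code from any DLP product), the following Python builds a hash-only fingerprint store from a constructed sample document and maps an outgoing message to a policy action. The five-word shingle size, the 50% match threshold and the `sender_cleared` flag are assumptions chosen for the example.

```python
import hashlib
import re

# Constructed sample of a "confidential" document used only for this example.
SENSITIVE_DOC = (
    "Project Falcon pricing schedule: tier one costs 4200 per seat per year. "
    "Renewal discount applies after the second contract period. "
    "Customer list includes Acme Corp and Globex Inc."
)

def _shingles(text, n=5):
    """Normalize text and split it into overlapping n-word windows (shingles)."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return [" ".join(words[i:i + n]) for i in range(len(words) - n + 1)]

def fingerprint(text, n=5):
    """Read, hash and store: keep only SHA-256 digests of each shingle, never the text."""
    return {hashlib.sha256(s.encode()).hexdigest() for s in _shingles(text, n)}

def match_ratio(outgoing, store, n=5):
    """Fraction of the outgoing message's shingles whose hash is in the fingerprint store."""
    shingles = _shingles(outgoing, n)
    if not shingles:
        return 0.0
    hits = sum(1 for s in shingles if hashlib.sha256(s.encode()).hexdigest() in store)
    return hits / len(shingles)

def decide(outgoing, store, sender_cleared=False):
    """Map a detection to one of the actions from the article (threshold is an assumption)."""
    ratio = match_ratio(outgoing, store)
    if ratio == 0.0:
        return ("allow", ratio)           # no fingerprint matched: normal delivery
    if sender_cleared:
        return ("allow_and_notify", ratio)  # cleared employee: deliver, but log for audit
    if ratio >= 0.5:
        return ("block", ratio)           # message is mostly fingerprinted content
    return ("quarantine", ratio)          # partial match: hold for review and bounce

# Built once from the sensitive document; this set is all the DLP needs to keep.
FINGERPRINT_STORE = fingerprint(SENSITIVE_DOC)

if __name__ == "__main__":
    # Constructed outgoing messages for demonstration.
    for msg in ("Lunch on Friday?",
                "Hi Bob, as discussed: tier one costs 4200 per seat per year.",
                "Customer list includes Acme Corp, see attached quarterly report for details"):
        print(decide(msg, FINGERPRINT_STORE), "<-", msg)
```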

What Are the Most Popular Tools Used For DLP?

DLP policies can be applied to email, web traffic, Wi-Fi routing, firewalls, routers, AD policies and much more. This type of policy is called data-in-motion DLP: it employs a live monitoring approach that only interferes with the data flow if certain criteria are met.

The most commonly used products are:

  • Cisco IronPort
  • Microsoft Works Management
  • EMC
  • RSA DLP Suite
  • Symantec DLP
  • Fortinet

These are commercial examples of both endpoint DLP and network DLP.

What Are the Main Components of A Data Loss Prevention Policy?

The main components are:

  • Risk reduction
  • Privacy
  • Security

Policies must also be accurate to find confidential information without blocking legitimate data transmissions. In addition to this, users should not be unnecessarily bogged down by additional steps when trying to perform their duties. Instead, a ubiquitous and seamless system must operate in the background, with intervention only being required once a DLP event is triggered.

There are eight essential components that are crucial to the success of your DLP strategy:

  1. Identify what data is sensitive within your organization: This is the most crucial step in the process of developing a DLP policy. You will need to know what data needs to be secured if you are to lock down your information effectively.
  2. Establish if there is a need for a DLP within your organization: Because a DLP system is quite complex and expensive by nature, it is a good idea to see if your business requirements warrant such an expense.
  3. Consult all stakeholders to ensure inclusive representation: The best way to decide whether to go ahead with the plan or not is to involve all business units within the company. Find out what potential damage a data leak could do to their interests and decide from there.
  4. Test your DLP in segments before rolling it out company-wide: If proper testing has not been carried out, you run the risk of blocking legitimate information across the entire company. The opposite is also true: a DLP policy that is too lenient makes no difference in the fight against data leakage.
  5. Implement a response capability: Once a leak or breach has been detected, you will need to act fast. Having a team of people, a software suite or a security appliance that can intervene quickly is essential. Most solutions incorporate all three of these assets, so think carefully about what your company needs.
  6. Establish information collecting and reporting procedures: This is vital, even when things appear to be running smoothly and securely. At the very least, you will have a plentiful source of standard network traffic to draw from when a comparative data sample is required.
  7. Build compliance measures into your policy that encourage security: Your staff and users will need to treat the DLP with respect, which means it must be a policy of consequence. Effective deterrents must be put in place to ensure compliance.
  8. Create a preferred data sharing method: There are times when sensitive data must be shared with outside parties. In these instances, an established method must be adhered to so that uniformity and compliance can be maintained.

Keeping Your Data Safe

Whichever approach you decide to take when designing and implementing a DLP for your business, you need to make sure it works for your environment. Make sure all stakeholders within your organization are on board with your plan, and that the necessary backing from management is in place. A DLP is only as good as its implementation and enforcement, so be sure to use all of the information in this article when designing your own.

Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.