Data Loss Prevention and Data Classification - benjamin-s-hobbs/reading-notes GitHub Wiki

Data Loss Prevention and Data Classification

From: What is Data Loss Prevention (DLP)? Definition, Types, & Tips (accessed by Benjamin Hobbs on 7/15/2023)

What is Data Loss Prevention (DLP)?

  • Data Loss Prevention is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

3 Main Use Cases for DLP

  1. Personal Information Protection/Compliance
    • If your organization collects Personally Identifiable Information (PII), Protected Health Information (PHI), or Payment Card Information (PCI), then it may be subject to tighter regulations
      • Health Insurance Portability and Accountability Act (HIPAA) [for PHI]
      • General Data Protection Regulation (GDPR) [for PII of EU residents]
  2. IP Protection
  3. Data Visibility
  • Honorable mention for use cases also goes to:
    • insider threats
    • user and entity behavior analysis
    • suspected advanced persistent threats (APTs)

Trends driving the adoption of DLP

  1. Growth of the CISO role
  2. Evolving Compliance Mandates
  3. More Places to Protect Your Data
  4. Data Breaches are Frequent and Large
  5. Your Organization's Stolen Data is Worth More
  6. There's More Data to Steal
  7. There's a Security Talent Shortage

Other considerations about DLP

  • Determine your primary data protection objective first
    • What is the most appropriate DLP deployment architecture or combination of architectures for your organization?
      • There are four main DLP architectures:
        • Endpoint DLP
        • Network DLP
        • Discovery
        • Cloud
  • DLP is a business decision, not a security-only decision
    • You need buy-in from senior leadership (CFO, CEO, etc.)
  • When researching vendors, establish evaluation criteria ahead of time, such as:
    • What types of deployment architectures are offered?
    • Do they support Windows, Linux, and OS X with feature parity?
    • What deployment options do they offer? Do they provide managed services?
    • Do you need to defend against mainly internal or external threats? Or both?
    • Do you need to perform content- or context-based inspection and classification? Will your users be able to self-classify documents? Do you need a blend of multiple methods?
    • Are you most concerned with protecting structured or unstructured data?
    • Do you plan to see and enforce data movement based on policies, events, or users?
    • What compliance regulations are you bound by? What new regulations are on the horizon?
    • Who are their technology alliance partners and what technologies would you like to integrate with your DLP?
    • How quickly do you need to deploy your DLP program?
    • Will you need additional staff to manage your DLP program?
  • Document, document, document
  • Share reporting with stakeholders and business leaders.
  • DLP is a program, not a product.

Questions for Understanding

  1. How would you convince your organization about the importance of implementing a DLP solution?
  • DLP is the right thing to do.
    • If we as a business believe that we have a value to our customers, then doing all that we can to safeguard any data that we have about them shows we care, and is right.
    • Also, if we maintain to our shareholders that what we have is valuable and will only continue to become more so in the future, then we have a fiduciary duty to do everything in our power to defend that value on their behalf. This is the way.
  • Observe the trends.
    • I would rather we built our house of bricks and worry less about the bad wolf, than to build it out of straw to save money and have to worry constantly about dealing with the increasing certainty of attack.
    • Also, our prudence and initiative can be leveraged into greater market share if our marketing team steps up to the challenge.
  2. How would you explain the three main use cases for DLP to friends or family?
    • Personal Info Protection/Compliance - First of all, it makes intuitive sense. YOU wouldn't want to bank at a place that you know has had breaches, just like you would stop confiding in a friend of yours if they garnered a rep for having a big mouth. You don't have to be able to prove it... you just won't do it. Those secrets she tells? That's data loss.

    • You know that person at work (maybe even a boss) that always takes credit for your ideas? Gets YOUR praise, YOUR compliments, hell, maybe even your raise and bonus too, you don't know. Those ideas are YOUR Intellectual Property (IP). You could see why companies wouldn't want that getting out and others taking credit (making money) off of their stuff.

    • If we could hold on to the little data that we didn't really think we needed, it may help more. Like when it might work to go to the store when there are fewer people there and we are on our way somewhere.