Why Is It Necessary?
Besides the threat of external attack, there is the uncomfortable fact that a large share of corporate data losses originates with users already inside the network, whether through ignorance, lax security practices, human error, deliberate malice, or activities such as industrial espionage.
For organizations with a large user or customer base, much of the data handled is likely to be of a sensitive personal or financial nature. The loss or disclosure of personally identifiable information (PII), protected health information (PHI), proprietary data and intellectual property can have serious financial and reputational consequences.
On top of this, data on corporate networks is often subject to stringent legal statutes and regulatory compliance regimes, such as Sarbanes-Oxley, the Payment Card Industry Data Security Standard (PCI DSS), HITECH and HIPAA, which prescribe controls for handling it and penalties in the event of its leakage or loss.
Network Data Loss Prevention Considerations
A corporate network is a complex system with many potential points of data leakage, so a DLP strategy needs to take several factors into account. Circumstances vary from organization to organization and with the operational and compliance regimes of different industries, but typical considerations include the following:
- Monitoring internal email, Web-based email, network traffic, applications and social media, with restrictions and controls as needed.
- Inspecting, and if necessary blocking, traffic over email (internal and Web-based), HTTP and HTTPS transactions, FTP transfers, other TCP/IP protocols and Web 2.0 applications. (Inspecting HTTPS content requires a TLS-intercepting proxy or an endpoint agent that sees the data before it is encrypted.)
- Inspecting the subject lines, body text and attachments of outgoing messages for potentially sensitive material.
- Setting and enforcing policies for the monitoring and possible blocking of blogs, wikis and other Web 2.0 applications.
- Assigning risk levels to outgoing email and messages, each with an associated action (e.g. block, alert, encrypt).
- Encrypting email messages for added security and to satisfy certain regulatory requirements.
- Notifying end users and network administrators when non-compliance or a violation of corporate policy is detected.
Low-Level Monitoring
For a network, low-level monitoring provides a baseline layer of defense. Its aim is to ensure that all data leaving the network is inspected, and it includes:
- Endpoint monitoring: scanning desktops and laptops to maintain an inventory of potentially sensitive data stored on them, with measures to secure or relocate that data.
- Monitoring and blocking any sensitive data transferred, transmitted, copied or printed from laptops and desktops.
- Scanning the network as a whole for sensitive information exposed on endpoint devices, file servers, websites, collaboration platforms and so on.
- Extending scanning, inspection and protection to mobile devices on the network through agents and APIs for each mobile operating system.
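The outbound-message inspection and risk-level actions listed under Network Data Loss Prevention Considerations, and the endpoint and file-server discovery listed just above, share one core: content detectors plus a policy that maps whatever they find to an action. The Python below is an added example written for this page, not code from any DLP product or vendor; its policy table, rule names, detectors, and the sample message and files are all constructed for illustration. It validates candidate card numbers with the Luhn checksum so that order or ticket numbers of similar length do not fire, masks each match before reporting it (an alert that carries the full card number is itself a leak), and lets the highest-risk finding decide the action.

```python
import re
from dataclasses import dataclass

# Constructed policy (assumption, not any vendor's rule format): each rule
# names a detector, a risk level, and the action for an outbound message.
POLICY = {
    "pci_pan": {"risk": 3, "action": "block"},
    "us_ssn":  {"risk": 2, "action": "encrypt"},
}

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN in the common 3-2-4 form, excluding area/group/serial values never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; weeds out ticket or order numbers that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card numbers (separators stripped) found in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append(digits)
    return hits


@dataclass
class Finding:
    rule: str       # policy rule that fired
    location: str   # "subject", "body", "attachment:<name>" or a file path
    sample: str     # matched value with all but the last four characters masked


def mask(value: str) -> str:
    """Never copy the full secret into an alert: keep only the last four characters."""
    return "*" * (len(value) - 4) + value[-4:]


def detect(text: str, location: str) -> list[Finding]:
    findings = [Finding("pci_pan", location, mask(p)) for p in find_pans(text)]
    findings += [Finding("us_ssn", location, mask(m.group())) for m in SSN_RE.finditer(text)]
    return findings


def verdict(findings: list[Finding]) -> str:
    """The highest-risk finding decides the action; nothing found means allow."""
    if not findings:
        return "allow"
    top = max(findings, key=lambda f: POLICY[f.rule]["risk"])
    return POLICY[top.rule]["action"]


def inspect_message(subject: str, body: str, attachments: dict[str, str]) -> tuple[str, list[Finding]]:
    """Gateway-side check of one outbound message; attachments are name -> decoded text."""
    findings = detect(subject, "subject") + detect(body, "body")
    for name, content in attachments.items():
        findings += detect(content, "attachment:" + name)
    return verdict(findings), findings


def scan_files(files: dict[str, str]) -> dict[str, list[Finding]]:
    """Data-at-rest discovery for an endpoint or file share; files are path -> text."""
    return {path: found for path, content in files.items() if (found := detect(content, path))}


# Constructed sample input (not real records): published Visa/Mastercard test
# numbers, a placeholder SSN, and a 13-digit ticket number that is not Luhn-valid.
SAMPLE_MAIL = {
    "subject": "Q3 refund list",
    "body": "Please process the refund for card 4111 1111 1111 1111 by Friday.",
    "attachments": {"notes.txt": "Customer SSN 123-45-6789 is on file."},
}
SAMPLE_FILES = {
    "/home/alice/Desktop/old_orders.csv": "order,card\n1001,5555555555554444\n",
    "/srv/share/readme.txt": "Nothing sensitive here; ticket 1234567890123 is closed.",
}

if __name__ == "__main__":
    action, found = inspect_message(**SAMPLE_MAIL)
    print(f"outbound mail -> {action}")
    for f in found:
        print(f"  {f.rule:8} {f.location:20} {f.sample}")
    for path, found in scan_files(SAMPLE_FILES).items():
        print(f"at rest: {path} -> {[f.sample for f in found]}")
```

On the sample input the mail is blocked because the body carries a valid card number, the attachment's SSN alone would only have triggered encryption, and the at-rest scan flags the CSV but not the readme, whose 13-digit ticket number fails the Luhn check. Real deployments add many more detectors (document fingerprints, exact-data matching, keyword dictionaries), decode attachments and archives before scanning, and must decide what to do with content they cannot read, such as encrypted attachments; the structure of detect, rank by policy, act, and report a masked sample is what carries over.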
Data Loss Prevention Software
Data loss prevention software products (also known as data leak prevention, extrusion prevention or information loss prevention products) are available from leading vendors as pre-packaged solutions or as custom-made or customizable suites. All are essentially built around a monitoring and remediation policy: an exhaustive set of rules for how data moving within and out of a network should be treated.
Some (usually legacy) packages rely on the user to draw up a DLP policy for their own network, a process that may take weeks if done manually. An increasing number of more recent products ship with ready-made template policies that users may modify to suit their particular circumstances; other products accept specialist add-on modules.
For low-level or endpoint analysis, and for integration with BYOD (Bring Your Own Device) policies, compatibility with the major mobile operating systems is an essential feature, as is support for the major email and Internet file transfer protocols.
Monitoring of social media platforms and SaaS business applications such as Salesforce is a feature of some leading systems, as are tools for monitoring hosted platforms such as Microsoft Online Services and Google Apps.
Existing Market Trends
Early adoption of DLP software concentrated on endpoint analysis and network traffic monitoring, covering laptops, desktops, email, mobile devices, USB (flash) drives and removable storage media. Heavyweights like Symantec and Intel-McAfee still dominate the global market, which stood at $670 million as of 2013 according to figures from Gartner, Inc.
DLP for The Cloud
Looking ahead, the cloud seems set to be the major battleground for data loss prevention solutions and services. A Cloud Adoption & Risk Report from DLP provider Skyhigh suggests that the average organization now uses 759 cloud services, with the number growing by more than 20% each quarter.
With employees liable to upload sensitive personal and corporate data to a still largely unregulated ecosystem of cloud services, organizations need to extend their existing Data Loss Prevention policies to the cloud, and DLP vendors face corresponding pressure to integrate cloud protection into their tools.