What is Data Loss Prevention?

Data Loss Prevention (DLP) is a class of security tooling that identifies sensitive data, alerts on its movement, and can encrypt it or block it from leaving the organization. Sensitive data can be medical, financial or personally identifiable information (PII), as well as company credentials, intellectual property or customer data. DLP can, for instance, be configured to catch emails or documents containing sensitive data and stop them from being sent to external parties.

“Your data – be it financial, client, employees or intellectual property – is a valuable asset. So it’s only right that you protect it.”

— Quostar

Why is it important?

Organizations will typically have employees that need to share content with external consultants, agencies, vendors, clients, suppliers, or other institutions.

However, what if the content contains sensitive information? When should a transfer be allowed, and when should it be blocked? What kinds of sensitive information are usually shared? Who should be alerted when data leaks?

These are the questions IT administrators must answer in order to define the set of data protection rules their DLP engine enforces.

IT admins might want to prevent:

  • users from leaking medical, financial or personal information
  • sharing an organization’s logins and credentials
  • transferring sensitive data to email addresses in the “.ru” domain

Due to stricter data privacy requirements (GDPR, CCPA, HIPAA, etc.), higher penalties, and new challenges around remote work, protecting sensitive data is one of the top priorities for IT leaders.

How does it work?

The illustration shows that all data transferred externally must pass through a DLP engine for approval before it reaches the recipient. It also implies a caveat: the DLP engine is only as good as the detectors and rules the admin has configured, so anything no detector describes will pass through unnoticed.

So ... what can you do with DLP?

Essentially, DLP supports compliance with different security frameworks and data protection policies.

With DLP you can:

  • Identify which data is sensitive
  • Discover where sensitive data is stored
  • Gain visibility and monitor data movement
  • Create rules and policies to prevent sensitive data from being shared
  • Log incidents for audit purposes
  • Take control and determine appropriate actions in the event of data breaches
  • Be proactive about data protection and be compliant in real-time

Detectors & Rules - a conditional love

There are two key concepts you need to understand before getting started with DLP.

Detectors are used to find and monitor sensitive data, e.g. in documents. They are sometimes pre-built into DLP systems, but can also be defined through a regular expression (regex), a word list, or “Contain” values. A regex detector on its own matches any string of the right shape, so a validation step on the match (for example a checksum on a card-number-shaped string) cuts false positives. A detector only finds data; it must be used in a DLP rule before an action can be taken, e.g. blocking external file sharing.

Rules are the active barriers that act on detector matches. They can, for example, be configured to prevent shared files from being downloaded, printed or copied; alert admins about external file sharing; or block external file sharing altogether.

When creating a rule, you can:

  • use (and customize) a rule template
  • create a new rule using default detectors
  • create a new rule from scratch with custom-made detectors
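The detector-and-rule model above, and the “How does it work?” flow in which every outbound transfer passes through the engine, as an added example in Python. This is illustration code written for this page, not the code of any DLP product. It assumes a hypothetical internal domain `example.com`, three detector kinds matching the ones described (regex with a validator, word list, “Contain” markers), rules that act on detector matches with an external-only condition and an optional recipient-domain condition (the “.ru” case from the list above), and a handful of constructed messages.

```python
import re
from dataclasses import dataclass

ORG_DOMAIN = "example.com"  # assumed internal domain (hypothetical)


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: validates a card-number-shaped match to cut false positives."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class RegexDetector:
    """Detector defined by a regular expression, optionally with a validator."""
    def __init__(self, name, pattern, validator=None):
        self.name, self.pattern, self.validator = name, re.compile(pattern), validator

    def matches(self, text):
        return [m.group(0) for m in self.pattern.finditer(text)
                if self.validator is None or self.validator(m.group(0))]


class WordListDetector:
    """Detector defined by a word list; whole-word, case-insensitive."""
    def __init__(self, name, words):
        self.name = name
        self.pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.IGNORECASE)

    def matches(self, text):
        return [m.group(0) for m in self.pattern.finditer(text)]


class ContainsDetector:
    """Detector that fires when the text contains a fixed marker string (case-sensitive)."""
    def __init__(self, name, markers):
        self.name, self.markers = name, list(markers)

    def matches(self, text):
        return [m for m in self.markers if m in text]


@dataclass(frozen=True)
class Rule:
    name: str
    detectors: frozenset            # rule fires if any of these detectors matched
    action: str                     # "block" or "alert"
    external_only: bool = True      # ignore internal-to-internal transfers
    recipient_suffixes: tuple = ()  # restrict to recipient domains, e.g. (".ru",); empty = any


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def evaluate(content, sender, recipient, detectors, rules):
    """Run every detector over the content, then apply the rules.
    Returns (verdict, incidents); verdict is "allow", "alert" or "block"."""
    hits = {d.name: d.matches(content) for d in detectors}
    hits = {name: found for name, found in hits.items() if found}
    external = domain_of(recipient) != domain_of(sender)
    rdomain = domain_of(recipient)
    verdict, incidents = "allow", []
    for rule in rules:
        if rule.external_only and not external:
            continue
        if rule.recipient_suffixes and not rdomain.endswith(rule.recipient_suffixes):
            continue
        fired = sorted(rule.detectors.intersection(hits))
        if not fired:
            continue
        incidents.append({"rule": rule.name, "action": rule.action,
                          "detectors": fired, "recipient": recipient})  # audit log entry
        if rule.action == "block":
            verdict = "block"
        elif verdict == "allow":
            verdict = "alert"
    return verdict, incidents


DETECTORS = [
    RegexDetector("credit-card", r"\b(?:\d[ -]?){15}\d\b", validator=luhn_ok),
    RegexDetector("ssn", r"\b\d{3}-\d{2}-\d{4}\b"),
    WordListDetector("credentials", ["password", "passwd", "api key", "client secret"]),
    ContainsDetector("confidential-marker", ["CONFIDENTIAL", "INTERNAL ONLY"]),
]

RULES = [
    Rule("block-card-numbers-external", frozenset({"credit-card"}), "block"),
    Rule("block-pii-external", frozenset({"ssn"}), "block"),
    Rule("block-credentials-external", frozenset({"credentials"}), "block"),
    Rule("alert-confidential-external", frozenset({"confidential-marker"}), "alert"),
    Rule("block-anything-sensitive-to-ru",
         frozenset({"credit-card", "ssn", "credentials", "confidential-marker"}),
         "block", recipient_suffixes=(".ru",)),
]

# Constructed sample messages (sender, recipient, content); test card number is the
# well-known 4111... test value, the second one has a deliberately broken checksum.
SAMPLES = [
    ("alice@example.com", "bob@example.com", "Card on file: 4111 1111 1111 1111, please update."),
    ("alice@example.com", "billing@partner.example", "Card on file: 4111 1111 1111 1111, please update."),
    ("alice@example.com", "billing@partner.example", "Ref number 4111 1111 1111 1112 is an order id."),
    ("alice@example.com", "vendor@supplier.example", "The VPN password is in the attachment."),
    ("alice@example.com", "agency@consultancy.example", "CONFIDENTIAL: Q3 roadmap attached"),
    ("alice@example.com", "someone@mail.ru", "CONFIDENTIAL: Q3 roadmap attached"),
]


def run_samples():
    """Pass each sample through the engine; returns a list of (verdict, incidents)."""
    return [evaluate(content, sender, recipient, DETECTORS, RULES)
            for sender, recipient, content in SAMPLES]


if __name__ == "__main__":
    for (sender, recipient, content), (verdict, incidents) in zip(SAMPLES, run_samples()):
        print(f"{verdict:5s} {sender} -> {recipient}: {content!r}")
        for inc in incidents:
            print(f"      {inc['action']} by {inc['rule']} on {inc['detectors']}")
```

Two design points worth noting. The Luhn validator is why the third sample passes: the regex alone would flag any 16-digit string, so the validator does the work of a pre-built detector that knows what a card number is. And the rule evaluation records every rule that fired, not just the first, so the incident list doubles as the audit log the page mentions; the verdict is simply the strongest action across all fired rules.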