Maksim Kabakou - Fotolia

Security Think Tank: Focus on data protection, but do not rely on DLP alone

Why is it important to know where data flows, with whom it's shared and where it lives at rest – and what is the best way of achieving this?

Intangible information assets can represent more than 80% of an organisation’s total value, yet many organisations remain focused on protecting their security perimeter and IT infrastructure rather than actual data.

This leaves organisations blind to the movement of data – both within and out of the network – and therefore unable to effectively protect data from exfiltration, or even detect when data has leaked.

In today’s world of remote working, external collaboration and use of personal devices, data is accessed by multiple users through different devices and networks, which may not be controlled by an organisation. Meanwhile, the advent of cloud services and file-sharing applications has not only contributed to the ease of sharing data, but also created more locations for data to reside.

Keeping track of where data flows, how it is used on endpoint devices, who accesses the data and where it resides is not a straightforward undertaking, but it is essential to prevent data from leaving an organisation.

Monitoring the usage and movement of data also helps to safeguard intellectual property, such as trade secrets, and enables compliance with regulatory requirements like the General Data Protection Regulation (GDPR).

The proliferation of data, coupled with technological advances, means data now exists in multiple places in different formats. Consequently, there are a range of channels through which data can leak, such as email, social media, instant messaging, web posts, cloud storage, screen capture and portable storage devices.

By mapping data flows, organisations can establish where data is at risk of leaking and put in place the requisite controls to treat the risk. This may involve fixing insecure business processes, educating users on the proper handling of data or remediating user activities through technology, such as data leakage prevention (DLP) tools.

DLP tools can detect data according to specified parameters and apply protective actions to stop users from leaking data (e.g. block the transfer of a message, encrypt data or move a file to a secure location).

Over recent years, DLP tools have made a resurgence (driven in part by regulatory requirements) and become a common security control for protecting data that is in transit over the network, in use on endpoints and at rest in storage. By deploying DLP tools, organisations can gain visibility of their data, including where it is located and how it is processed.

Importantly, research by the Information Security Forum identified that DLP tools deliver value and succeed in reducing the risk of data leakage only if they are implemented as part of a holistic DLP programme that incorporates a range of elements spanning technology, people and process.

Integral to the success of a DLP programme is executive buy-in and the ongoing input of business stakeholders. DLP is a security control dedicated to addressing a business problem, so to realise its benefits, it needs to be properly deployed and maintained in a way that aligns with the business.

As DLP continues to surge in popularity, those organisations who do not deploy some form of DLP technology will struggle to claim their information security is contemporary, robust and comprehensive.

Read more on Privacy and data protection