Data is more accessible and transferable today than ever before, and the vast majority of data is sensitive at various levels. Some is confidential simply because it is internal to an organization and was not meant to be available to the public. Some data is sensitive because of corporate requirements, national laws, and international regulations. Often the value of data depends on its remaining confidential - consider intellectual property and competition.
Leakage of your data could be embarrassing or, worse, cost you your industrial edge or cause loss of accounts. Allowing your organization to act in non-compliance with privacy acts and other laws could be worse than embarrassing - the integrity of your organization may be at stake.
You want to protect the privacy of your organization, but with all the tools that make information sharing easier, it is easier to make an irrecoverable mistake. To make the matter more complex, along with the severity of data leakage, we now have tools that inherently make leaks more likely: cloud servers, Google Docs, and simple unintentional abuse of company procedures - such as an employee taking work home. In fact, most cases of data leakage occur because of unintentional leaks.
The best solution to prevent unintentional data leaks is to implement an automated corporate policy that will catch protected data before it leaves your organization. Such a solution is known as Data Loss Prevention (DLP).
Data Loss Prevention identifies, monitors, and protects data transfer through deep content inspection and analysis of transaction parameters (such as source, destination, data object, and protocol), with a centralized management framework. In short, DLP detects and prevents the unauthorized transmission of confidential information.
Note - Data Loss Prevention is also known as Data Leak Prevention, Information Leak Detection and Prevention, Information Leak Prevention, Content Monitoring and Filtering, and Extrusion Prevention.
DLP captures original data that caused a rule match, including the body of the transmission and attached files.
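The following is an added illustration, not Check Point code and not part of the original guide: a minimal rule that combines content inspection (Luhn-validated payment card numbers) with transaction parameters (source, destination, protocol) and captures the data objects that caused the match. The internal address range, the protocol set, and all names are assumptions.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")      # assumption: the organization's address range
INSPECTED = {"SMTP", "HTTP", "FTP"}          # protocols this toy rule applies to
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list:
    """Content inspection: return substrings that look like valid card numbers."""
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]

@dataclass
class Transaction:
    source: str
    destination: str
    protocol: str
    body: str
    attachments: dict = field(default_factory=dict)  # filename -> extracted text

def inspect(tx: Transaction):
    """Return an incident dict when the rule matches, otherwise None."""
    if tx.protocol not in INSPECTED:
        return None
    if ip_address(tx.destination) in INTERNAL_NET:
        return None                          # data stays inside the organization
    objects = {"body": tx.body, **tx.attachments}
    matched = {name: find_cards(data) for name, data in objects.items()}
    matched = {name: hits for name, hits in matched.items() if hits}
    if not matched:
        return None
    # Capture the original data objects that caused the match, for later review.
    return {"source": tx.source, "destination": tx.destination,
            "protocol": tx.protocol, "matches": matched,
            "captured": {name: objects[name] for name in matched}}

# Constructed sample: outbound SMTP message with a test card number in an attachment.
SAMPLE = Transaction("10.1.2.3", "203.0.113.25", "SMTP", "See attached.",
                     {"orders.csv": "id,card\n7,4111 1111 1111 1111\n"})
```

Only the attachment is captured for `SAMPLE`, because the message body itself contains no match; a digit run that fails the Luhn check, an internal destination, or an uninspected protocol produces no incident.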
Best Practice - Disclose to your users how your DLP deployment works. Tell users that transmissions that violate the data security guidelines of your organization will be stored and may be read by security personnel.
Information disclosure recommendations:
DLP incident notifications can be sent by email (for SMTP traffic) or shown in a system tray popup from the UserCheck client (for SMTP, HTTP, FTP, etc.).
If the incident in the notification is in Ask User mode, the user can click the Send or Discard link in the UserCheck client popup to handle the incident in real time.
Important - Make sure your users are aware of the purpose of the UserCheck client: to handle the DLP options directly from the popup.
If the user exits the client, the alternative web page that provides the Ask User options may not function.