SOHELMUGAL ON WEB

SMOW - DATA LEAKAGE
30 JULY 2021
DATA LEAKAGE
DATA LEAKAGE PREVENTION
DATA LOSS PREVENTION


COMMON ACRONYMS
DLP

SOURCES OF INFORMATION/ COMMON STANDARDS OF PRACTICE
  1. Microsoft 365 compliance documentation
  2. EU General Data Protection Regulation (GDPR)
  3. National Privacy Regulations

DEFINITION
Data Loss or Data Leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. Data Loss Prevention or Data Leakage Prevention (DLP) is a collection of human efforts, processes, technologies and tools that monitor and protect business data from unauthorized access. Common sources of data leakage/breach are as follows:
  1. Computers
  2. Social Media
  3. USB Drive
  4. Printers
  5. Email
  6. Internet
  7. Trash
  8. Camera/ Screen Capture
  9. Compact Discs
  10. Audio
  11. Humans
These breaches are sometimes malicious or intentional, but are more often simply caused by human error (such as an employee mistakenly attempting to print or email a sensitive document). Whatever the intent, a well-configured DLP system in place will prevent such mistakes from becoming breaches.


CLASSIFICATION
Today's enterprises require robust data protection solutions that effectively secure all forms of data created, used, and maintained by the organization. Data can be of two types:
  1. Structured Data: This data is clearly classified and easily searchable both by humans and algorithms. It is often stored in data warehouses or relational databases (RDBMS), for example airline reservation systems, inventory management systems, sales control and analysis, ATM activity, customer relationship management, etc. Structured data stored in databases can be secured relatively easily: access can be restricted according to strict guidelines.
  2. Unstructured Data: This data cannot be easily classified by algorithms. It is easily communicated and easily understood by humans. Examples are PDF files, emails, word-processing documents, image, audio and video files, social media posts, spreadsheets, mobile text messages, etc. Unstructured data is not stored centrally and is spread throughout an organization; it exists anywhere users are accessing or creating content, making it harder to automatically identify and protect.
When DLP technology is implemented, it protects data in various places, such as:
  1. In use by authorized personnel
  2. In motion: Also called Network DLP, this puts a secure perimeter around data moving on the network (while it is being transferred via the intranet).
  3. At rest: Also called Endpoint DLP, this monitors data as it moves to and rests on endpoints, regardless of where they are or how they are connected to the network or the internet. It detects when sensitive data is saved unencrypted in files on a device (on a file server or in a database).
  4. Cloud DLP: It enforces the DLP rules and policies on select cloud accounts. It does not form a perimeter around a traditional on-premises network like Network DLP does. Instead, it integrates with cloud tools like Office 365 and Google’s G Suite (and many others). This allows users the convenience and security of using cloud apps and cloud storage without risk of data breach or loss.

WHY
Depending on the type of organisation one works for, the consequences of data leakage can be as follows:
  1. Damage to the country's reputation
  2. Damage to the organisation's reputation
  3. Damage to one's personal or family's reputation
  4. Damage to one's business/ market
  5. Lawsuits from affected parties
  6. Loss of intellectual property
  7. Loss of Competitive advantage

WHEN
Not every individual or organisation requires DLP. It should be implemented mainly if:
  1. You deal with regulated data (e.g. credit card numbers) and you are answerable to auditors and assessors for proving your due diligence and control mechanisms
  2. You store customers' personally identifiable information
  3. You store well-defined intellectual property
  4. You know exactly what you want to protect
  5. You have the resources to monitor employees
  6. You have established policies that suit your environment
  7. You are ready to block activity when violations occur
  8. You want to take the burden of data protection away from human judgement and place it on the software
  9. You belong to industries such as financial services, healthcare, high-tech manufacturing, retail, pharmaceuticals and engineering etc.

HOW
Various technologies and controls can be implemented to ensure Data Loss Prevention, for structured or unstructured data, such as:
  1. STRUCTURED DATA PROTECTION
    1. Central Storage
    2. Track Data Entry
    3. Track Data Usage
    4. Managing authentication and encrypted communication with the Secure Sockets Layer (SSL) protocol (or its successor, TLS)
    5. Using remote access to locate and wipe data from missing devices
    6. Training employees on policies and best practices

  2. UN-STRUCTURED DATA PROTECTION
    1. Identification: Identify which compliance regulations or privacy laws apply to your organization, and build your classification plan accordingly. Identify unstructured data at its point of creation; often it comes from a structured data source. The security risk can be mitigated by storing the unstructured data files in secure data environments.
    2. Assignment: Assign an Owner to Sensitive, Unstructured Data. Find the people who are collecting and modifying unstructured data. Make them responsible for its security.
    3. Tracking data: Track the flow of unstructured data through an audit trail.
    4. Classification: Data classification or data tagging is the process of categorizing data to specify the level of internal control required to protect it against theft, compromise and inappropriate use. All data has an owner, and it is the owner's responsibility to classify the data into one of the security levels, depending on legal obligations, costs, corporate policy and business needs. Data classification can be done either by metadata tagging (user defined) or by sensitive keyword searches (pre-defined), assigning categories as follows:
      1. Non-Business Use (e.g. Boarding Pass)
      2. Public (e.g. Newspaper, Product brochures widely distributed etc.)
      3. Internal/ General Use (e.g. company policies, procedures, internal-only memos, company telephone books, or other internal communications, business plans, etc.) This type of data is strictly accessible to internal company personnel or internal employees who are granted access.
      4. Confidential (e.g. company audit data, sales figures, employee salaries). If the data owner is not sure at what level data should be classified, this level should be applied.
      5. Strictly Confidential (e.g. government-related data, data protected by state and federal regulations.)
      6. Restricted (e.g. proprietary information or research)
    5. Detection Integrity: Avoid false negatives (failing to spot information that is actually sensitive), which lead to undetected leaks. False positives (alerting on data that is not actually sensitive) waste the security team's resources and lead to conflict with users falsely accused of improper behavior. A DLP solution should therefore minimize both false negatives and false positives. A ticketing system and an incident response process can be developed to reduce noise and respond to legitimate issues.
    6. Digital watermarking: It is a technology in which identifying information is embedded into the data carrier in a way that is not easily noticed and does not affect use of the data. It is often used to protect the copyright of multimedia data, and also databases and text files. Since a digital copy of data is identical to the original, digital watermarking is a passive protection tool: it does not prevent copying, but it allows a leaked copy to be traced back to its source.
    7. Disk Encryption: It converts information into unreadable code that cannot be deciphered easily. It can be software or hardware based. It is used to prevent unauthorized access to data storage.
    8. Data Encryption: Since disk encryption generally uses the same key for the whole drive, all of the data is readable once the system is running and the disk has been unlocked. Conventional file and folder encryption instead allows different keys for different portions of the disk, so an attacker who reaches a running system still cannot extract information from files and folders that remain encrypted.
    9. Cloud access security brokers (CASB): A CASB is cloud-hosted software, or on-premises software or hardware, that acts as an intermediary between users and cloud service providers. DLP solutions do not provide complete cloud coverage, and CASB solutions do not provide adequate DLP coverage. Employing both provides comprehensive coverage.
    10. Security Information and Event Management (SIEM): Many incompatible devices may be using different DLP systems. A SIEM collects and correlates their events, and helps in identifying patterns and breaches easily.
    11. Internet of Things (IoT) Security: IoT security is the practice of securing Internet of Things devices and the networks they are connected to, addressing the complex cybersecurity challenges posed by the expansive, hyper-connected IoT world.
    12. Device Control: Device Control software is an application that monitors and controls the data transfers from endpoints to removable storage devices (such as USB drives, smartphones, WiFi network cards, tablets, printers, external Hard Disks etc.) and protects against data loss. It can protect you from insider threats and accidental data leakage that happen because of removable devices.
    13. Digital Rights Management (DRM): It is used to control and manage access to copyrighted material (digital media), shifting control over the content from the person who possesses it to a computer program. This mechanism prevents users from copying, redistributing, or converting content in a way that is not explicitly authorized by the content provider. DRM technologies do not catch those who engage in piracy.
    14. Adobe LiveCycle Rights Management: It is an enterprise-level DRM that ensures only authorized people can read your documents. These documents can contain many types of information, including text, audio, and video files. One can safely distribute any information that is saved in a supported document.
    15. Identity and Access Management (IAM): It controls who is authenticated (signed in) and authorized (has permissions) to use resources. It is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations. Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data, as well as data governance functions to ensure that only data that is necessary and relevant is shared.
    16. Public Email Blocking: This stops users from sending sensitive data to their personal web-based email accounts. Personal email, as the term itself implies, refers to content unrelated to business. Giving your employees access to personal webmail accounts (OWA, Gmail, Yahoo, Hotmail, etc.) may also cause distractions in the form of music files, jokes and chain letters, and disrupt the productivity of your employees while on company time.
    17. Social Media Blocking: Many companies choose to block social media access at work because they fear employee misuse as well as the resulting drop in productivity. However, even if your company does decide to block access at work, you still need a comprehensive social media policy and business ethics training to help reinforce the policy's message. With a tap of a keyboard, many years of careful and expensive branding and marketing can be undermined. Risks of not blocking social media in the workplace include misuse of confidential information, misrepresenting the views of the business, inappropriate non-business use, disparaging remarks about the business or employees, harassment, and sharing private or sensitive data with the public.
    18. Blocking Internet-Based File Sharing: Just as USB and CD access is blocked, it is important to block internet-based file sharing too. However, it is sometimes necessary to share data with outsiders and third parties, especially when Non-Disclosure Agreements are in place. It is important either to establish company file-sharing portals so that all transfers are monitored, or to develop a permissions/authorisation policy under which a senior or a manager can grant a user temporary access to internet-based file sharing applications. Such permitted use is still logged and monitored by the DLP management team.
    19. Information Rights Management (IRM): Applications like Microsoft Office provide protection features that restrict certain actions (such as printing, copying, forwarding) on a shared document, e.g. "Do not Forward", "Read Only" etc.
    20. Paper Shredders: Installing or providing paper shredders, and encouraging staff to shred any and all documents containing personal or confidential information, is the best way to guarantee that the information will never be stolen or compromised.
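As an added example (not code from the original page), the following Python script shows the pre-defined keyword search approach from the Classification item together with the Detection Integrity point: a candidate card number is reported only if it passes the Luhn check, so a 16-digit order or serial number does not produce a false positive. The keywords, the ranking of the six levels, and the mapping of card numbers to "Strictly Confidential" are assumptions made for illustration; the fallback to "Confidential" when nothing matches follows the page's own rule.

```python
import re

# Sensitivity levels in increasing order (assumption: the page lists them but does not rank them).
LEVELS = ["Non-Business Use", "Public", "Internal/General Use",
          "Confidential", "Strictly Confidential", "Restricted"]

# Pre-defined keyword rules (hypothetical keywords; the page gives example document types only).
KEYWORD_RULES = [
    (re.compile(r"\b(company polic(y|ies)|internal memo|telephone book)\b", re.I), "Internal/General Use"),
    (re.compile(r"\b(salar(y|ies)|audit|sales figures?)\b", re.I), "Confidential"),
    (re.compile(r"\b(government|gdpr|regulated)\b", re.I), "Strictly Confidential"),
    (re.compile(r"\b(proprietary|research)\b", re.I), "Restricted"),
]
# Candidate payment card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check, the checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return digit strings that look like card numbers AND pass Luhn (cuts false positives)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits

def classify(text: str) -> dict:
    """Tag text with the highest matching level; fall back to 'Confidential' when unsure."""
    matched = {level for rx, level in KEYWORD_RULES if rx.search(text)}
    cards = find_card_numbers(text)
    if cards:                                # regulated data -> assumed 'Strictly Confidential'
        matched.add("Strictly Confidential")
    level = max(matched, key=LEVELS.index) if matched else "Confidential"
    return {"level": level, "card_numbers": cards, "keywords_matched": sorted(matched)}

if __name__ == "__main__":                   # constructed sample line, not from the page
    print(classify("Invoice 1234 5678 9012 3456 and card 4111 1111 1111 1111 on file"))
```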

EXAMPLES
...

DOWNLOADS
...

This website is solely managed by Sohail Moughal as a personal research to understand, manage and archive various aspects of his work in his life. It is continuously being updated and developed, and the information at the time of viewing may be incomplete. It is personal to Sohail Moughal and any use of information by others does not make Sohail Moughal liable, guilty, responsible and/ or accountable for anything at all.