Data loss prevention software is a vital component of your security infrastructure
You know what data loss prevention is, but you may have some lingering questions about how to prevent data loss. Data loss prevention software is not the silver bullet in the constant battle for data security. It is, however, an important arrow in the InfoSec team’s quiver. Data loss prevention software helps teams automate much of the daily tasks that are required to keep sensitive company data secure.
Data loss prevention methods have evolved over the past several years as organizations have transitioned to cloud computing. While many methods remain important, such as backing up your data and using strong passwords, securing data in the cloud is challenging in several ways. Companies that use G Suite or Office 365 can no longer rely on perimeter network defenses to secure data stored, accessed, and shared in the cloud.
Categorizing Data Types in Data Loss Prevention Software
When you are just getting started, data categorization will likely be more of a manual process than a software-driven one. Much of that process depends on the amount of data you’re working with and how complicated your infrastructure is. Most of the data loss prevention software available will use some level of machine learning to process and categorize common data types.
For example, many solutions have the ability to identify and classify credit card numbers stored in a spreadsheet or an email. Some even use optical character recognition to detect images of credit cards. Most data loss prevention software solutions incorporate this level of data classification out-of-the-box because spreadsheets, emails, and images are common data types, and because there are compliance regulations around how companies are required to store and secure credit card information.
On the other hand, custom information like company financial data, strategic plans, and intellectual property will need custom categorization settings. Using data loss prevention software, you can set up custom category types.
Data Loss Prevention Rules and Policies
Data loss prevention software relies heavily on rules and policies that drive action. Basically, rules tell the software what data needs to be checked, and policies tell the software how to handle it.
Let’s say you want to make sure that customer credit card numbers are not shared outside of a specific group of users within your company. Most solutions have templated rules for this that you can use, but we will walk through this example to better understand the software.
First, you will set up a rule within the data loss prevention software that tells it what credit card numbers look like. You will need to set up a “pattern” for the system to check for, and you should also be able to set up “whitelist” patterns and words in the rule. This will reduce the number of false positives you experience once the policy is live. Most, if not all, of the data loss prevention software on the market today will also validate candidate numbers with the Luhn algorithm to weed out false positives, either as an option you enable or automatically.
Once you have your rule set up to detect credit card numbers in your environment, you need to set up policies to tell the software what to do with the card numbers. Again, there is usually an “out of the box” template for this type of data loss prevention policy but it’s good to know how to adjust it if you need to down the road.
Policies are where the fun really begins. Policies are set up by identifying the rule as a “trigger” and then telling the data loss prevention software how to respond to it. So, you may set up a policy that tells the software to “revoke sharing” when it finds a file that is breaking the “files containing credit card numbers” rule.
You’ll want to set up notifications within these policies to notify your system admin that a rule has been violated so they can investigate it further if needed. For certain types of policy violations, particularly where an unauthorized file share has occurred, you should set up user notifications as well. This helps continually remind and educate your colleagues on the importance of data security and what types of data should not be shared.
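The rule and policy described above, as an added example that is not part of the original article or any vendor’s product: a credit card rule built from a pattern, a whitelist and a Luhn check, and a policy that turns a rule hit into “revoke sharing” and notification actions. The sample file contents, the whitelisted test number and the action names are constructed for the example.

```python
import re

# Rule "pattern": 13 to 19 digits, optionally separated by spaces or dashes.
CARD_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Rule "whitelist": known dummy numbers and context words that mark a match
# as a false positive (constructed values, not a vendor's defaults).
ALLOWLIST_VALUES = {"4111111111111111"}          # widely used test card
ALLOWLIST_CONTEXT = re.compile(r"\btracking (?:no|number)\b", re.I)

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Apply the rule: pattern match, then whitelist, then Luhn validation."""
    hits = []
    for match in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if digits in ALLOWLIST_VALUES or ALLOWLIST_CONTEXT.search(text):
            continue
        if luhn_valid(digits):
            hits.append(digits)
    return hits

def apply_policy(text: str, shared_externally: bool) -> list[str]:
    """Policy: the rule is the trigger; return the remediation actions."""
    if not find_card_numbers(text):
        return []
    actions = ["notify_admin"]
    if shared_externally:
        actions += ["revoke_sharing", "notify_user"]
    return actions

# Constructed sample file contents (text, shared outside the group?).
SAMPLES = {
    "invoice.txt": ("Paid with card 5555 5555 5555 4444 on 2024-01-05", True),
    "qa_notes.txt": ("Use test card 4111 1111 1111 1111 in staging", True),
    "shipment.txt": ("Tracking number 5555555555554444 left the depot", False),
    "ids.txt": ("Reference 1234567890123456 (not a card)", True),
}
```

Only invoice.txt trips the rule: the test card is whitelisted, the shipment line is excluded by context, and the reference number fails the Luhn check.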
Data loss prevention rules can also be created around certain types and sizes of files. We’ve seen cases where users were uploading bootlegged movies into a customer’s shared drive and sharing them with other colleagues. Not only was this illegal, but it also took up a huge amount of storage space.
The system admin was able to go in and create a data loss prevention rule to match files based on type and size, and then remove the files in bulk. He then created a policy that would detect these types of files from now on and automatically remove them from the cloud environment.
File matching in data loss prevention is a powerful tool; it can also be used to detect encrypted files, which should be protected, being uploaded or created in your environment. When you pair file matching data loss prevention tools with content matching data loss prevention rules, you have a strong structure in place to protect your data and cloud environment.
Image Data Loss Prevention Capabilities
A relatively new data loss prevention capability is image scanning, also referred to as optical character recognition. Data loss prevention software that has optical character recognition capabilities is a definite must, and not all data loss prevention or CASB vendors provide it.
Optical character recognition allows the data loss prevention software to scan image files, such as JPEG, PNG, and PDF, for rule violations. Going back to our credit card number example, if an employee has taken a picture of their company credit card and saved it to your shared drive, you don’t want that information to go beyond the people who are supposed to have access to it. You may not want them to have that file in the shared drive at all, so you’ll want to be able to remove it.
An even more concerning scenario is if there are screenshots or PDFs in your shared drives that contain customer credit information. Data loss prevention solutions that don’t use optical character recognition technology won’t be able to detect the information in those types of files. But those files should be treated exactly the same as spreadsheets, text documents, and emails that contain credit information.
Data Loss Prevention Alerts and Remediation
We’ve touched on data loss prevention alerts and remediation in previous sections, but it is a very important step in the process. Equally important is how different data loss prevention software solutions handle alerts and remediation, because it’s not enough to just flag a rule violation. You need to be able to do something about it!
As you’re setting up your policy, you’ll need to make decisions about what needs to happen when it’s triggered by a rule violation. As previously discussed, there are instances when you may want to send a user or admin a notification to alert them to the issue.
Automated remediation can take many forms. A few examples include:
- Revoke sharing
- Suspend user
Data loss prevention software is a critical component of your DLP tool stack and strategy; it saves companies a lot of the money and headache that come from data loss and breaches. Data loss prevention software also saves system admins time by automating the majority of the data loss prevention process. This allows them to focus on other priorities while maintaining some peace of mind!