November 22, 2019
Securing Your DLP Future in the Unsecured Datasphere

Data Loss Prevention (DLP) has always been critical to an organization’s success, and it remains one of the toughest challenges your organization may face due to the sheer quantity of data you need to secure and manage. People are generating more megabytes of data in shorter periods of time. In fact, IDC predicts that the collective sum of the world’s data will grow from 33 Zettabytes this year to 175 ZB by 2025, for a compounded annual growth rate of 61 percent. The collection of all this data in traditional data centers, the edge (enterprise infrastructure, such as cell towers and branch offices), and endpoints such as smart phones, IoT devices and PCs has been called the Global Datasphere, and it’s growing faster than ever.

Today’s datasphere never sleeps. There is employee data, personal cardholder data, healthcare data, intellectual property, data that supports innovation, AI and digital transformation. With all of this, you are likely looking for ways to optimize your DLP program to avoid the inevitable—sensitive data stolen, lost or leaked to outsiders.

In addition to the explosion of data and the ever-present need to protect it, a key driver motivating an optimized DLP plan is the changing regulatory environment. Privacy laws in the United States vary by data type, industry and state. Outside the US, the scenario isn’t any easier. Some countries have privacy regulations, others do not. Some have adopted legislation consistent with the EU, while others must come up with a unique set of requirements. Not only do you need to keep track of this changing regulatory landscape, but you also need to meet the requirements quickly. Experienced DLP providers can help you combine data discovery, classification and DLP into one streamlined solution—so you can automatically identify any of the data related to your industry’s regulatory standards, whether they are GDPR, PCI DSS, HIPAA, or other, and monitor, encrypt and control the data as it is used, stored or transmitted.

There are enough high-profile security events that you know you can no longer say, “It’s impossible to imagine this.” Now, you know exactly what would happen to your organization if sensitive data got out. You know hackers can hold things for ransom and can steal from point of sale. You know brand reputations can be damaged or ruined. You know millions of dollars can be lost. Today, it’s not a question of, “Can this happen?” but instead: “What controls are we putting in place to minimize the risk of this happening? And, if it did happen—how quickly would we move forward as an organization?”

We’ve found that the vast majority of the events we see are not caused by malicious insiders. It’s really more benign, e.g., Robert in HR doesn’t know he’s not supposed to copy and paste everyone’s Social Security number into an Excel sheet. A recent post in HackerCombat claimed that 29% of lost data is due to human error.

Many times, companies don’t know where sensitive data lives or how it flows within the ecosystem. That’s where it can be critical to work with an experienced advisor—one who has the expertise of knowing what others have faced within your particular industry.

Exercises to ensure an effective DLP plan
When looking at implementing a new DLP solution or optimizing the one you have, it’s important to recognize that this is usually an ongoing process, and not a one-time project. By taking a holistic view of your environment, you may feel you’re most concerned with your endpoints. However, those endpoints are changing all the time. It can be helpful to systematically run through tabletop exercises or specific scenarios to examine various use cases within your environment. Let’s say one of your end-users has Microsoft Office 365 running from her home office. You will want to ask, “Do I need to see what this employee is working on?” If it’s something important to the vitality of your business, then you know you will need to implement other solutions along with DLP in order to get the level of coverage you need. More times than not, companies don’t know what they don’t know. Conducting these types of fact-finding exercises can help you see what you really need in an ideal DLP scenario.

The goal of any effective DLP program should be to reduce risk over time. But the problem is identifying that risk and then working to reduce it throughout the entire organization. These types of tabletop exercises look at the actions needed, the data that must be transmitted, and the end-users involved in the actions. In the case of the home office user, you may find she needs access to certain types of data. In order to know if this is necessary, you may need to involve the HR director or the employee’s manager. Once you know the answer, you will begin to see what your DLP needs are. For instance, you might:

  • Secure the file in transit
  • Educate the employee about specific access restrictions
  • Implement workstation security software

By working holistically, in what is called the feedback loop, you are able to gain feedback from all appropriate parties, modify your DLP program to accommodate your specific set of needs, and reduce your risk over time. Getting to that effective feedback loop as quickly as possible means that you’re able to progress your program—modifying it as needed for optimal protection.

5 common concerns that can keep you off course
Unfortunately, many companies find they are dissatisfied with the DLP programs they have in place. Here are some challenges you may be facing when implementing or optimizing your DLP.

1. Limited resources for fine-tuning
At the onset, DLP programs are often well-focused; however, as time marches on, companies may not adjust them as frequently as needed. You may lack the manpower to address systematic changes or to keep up with an appropriate feedback loop. Because there is a great deal of fine-tuning required in both a DLP product and program, it can be difficult to maintain your system.

2. Out-of-sync DLP
You may find your company is moving at a different speed than your DLP. Maybe there’s too much noise. Your system may be reporting too many distracting false positives. Or, perhaps you are lacking the support of upper management to keep your DLP relevant. If a DLP system is just configured once and then forgotten about until the new administration comes in, you won’t have a tool or system that is protecting your company.

3. The adoption of cloud collaboration tools
In most cases, the business tends to make decisions on the adoption of new tools based on economic reasons. Office 365 and other cloud-based collaboration tools are often forced on security teams, leaving them to scramble to find ways to secure these new, already acquired tools. While these tools do help streamline business processes and drive collaboration, they also open up several significant areas of risk, including yet another way for data to leak out. Finding a balance between enabling the business and securing your data can be an arduous task. Ensuring that your DLP tool has direct visibility within these cloud applications is critical in today’s working environment. Direct integration between DLP and CASB (cloud security) tools will help you gain the flexibility you need and reduce the overhead of managing these security tools and policies separately.

4. Gaps in data classification
So many times, companies don’t even have data classification in place. This makes things very difficult. Generally, there are four levels of data classification you will want to establish: three confidential levels (secret, confidential and business use only) and then the fourth level, public. The level of classification dictates the rules you will write for protection. For example, company drawings are intellectual property, so they would be considered secret, and only the people within your company with specialized clearance would have access to them. In this data- and regulatory-driven age, a company’s data can no longer remain unclassified. It must be organized into appropriate categories for more efficient use and protection across your environment.

5. Uncertainty about your DLP provider’s future
You may be concerned with the limits of your current DLP provider’s technical support or software development. Or, you may feel that your DLP solution’s capabilities are not progressing at the speed of your business needs. You may find that your DLP provider’s tech support is too inexperienced for your needs, or that the product is not staying at the bleeding edge of all the things that it has to interact with. If so, you may consider a shift.

When looking for a new DLP provider, you will want one-to-one coverage
Be certain that your new DLP provider has all the capabilities of your existing DLP provider to ensure all the facets of your company’s security needs are covered. The type of coverage you’re getting for data-at-rest and data-in-motion is also important. You will want a company that is experienced enough to recognize gaps in coverage.

Ongoing health checks will help you understand whether you are viewing too much data or not enough. When you have too much, you will find that important notifications are actually getting lost in the noise, and you won’t have a way to tune out notices of little consequence. One of the first issues you will want to look into through a comprehensive health check is your false positive rate. Many times, there is tuning that you can do around your policies and business processes to ensure greater accuracy and efficiencies.

A typical health check focuses on both the DLP tool and the program. A DLP provider working with you on a health check can help you determine the effectiveness of the tool, not necessarily just the state of the tool, and show you how it’s being used in your specific environment. These findings will help you prioritize your low-, medium- and high-priority tasks, and help you determine how to best work toward resolution or implementation.

Once you’re at a steady state or semi-steady state, you may want to consider incorporating managed services into your DLP mix. An experienced managed services team can help you sort through false positives and escalate only the data that is important to your business. Tracking this can be a way to show ROI to your business leaders, and this is often the data you need to gain upper management support around enhancing your DLP.

 

REFERENCES
1. https://www.seagate.com/files/www-content/our-story/trends/files/idc-seagate-dataage-whitepaper.pdf
2. https://hackercombat.com/data-loss-prevention-and-statistics-infographic/

Content Sponsored by
Forcepoint is the global human-centric cybersecurity company transforming the digital enterprise by continuously adapting security response to the dynamic risk posed by individual users and machines. The Forcepoint Human Point system delivers Risk-Adaptive Protection to continuously ensure trusted use of data and systems. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries.
About the Author
Dave Christen
Sr Director of Architecture, Integration and Managed Services