DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
  1. DZone
  2. Data Engineering
  3. Data
  4. DLP: What Is It and Why You Need It

DLP: What Is It and Why You Need It

Better secure your data with DLP.

Eddie Segal user avatar by
Eddie Segal
·
Aug. 05, 19 · Opinion
Like (2)
Save
Tweet
Share
4.51K Views

Join the DZone community and get the full member experience.

Join For Free

What Is DLP?

Data Loss Prevention (DLP) refers to strategies and tools used to prevent the loss or leakage of data. DLP includes endpoint management, such as managing who has access to data and what they’re allowed to do with that access and protecting data in-transit. The number and type of protections implemented by a DLP strategy are informed by the priority of your data and the regulatory requirements you face.

There are four main areas that DLP solutions are applied to:

  • Network-based — protect data in motion by analyzing the network traffic that crosses network boundaries, such as emails and instant messages, social media interactions, web applications, and SSL traffic. This involves blocking specific traffic and ensuring that data is properly encrypted.
  • Storage-based — protect data at rest, like file servers and databases, by evaluating the security of locations where confidential data is stored. This involves setting appropriate access permissions and encrypting data.
  • Endpoint-based — monitor the transfer of data, such as printing, saving to external storage, sharing through social media, etc., and either log, alert to, or block activities defined by security as possibly harmful. This involves setting appropriate access policies based on the endpoint type and using strong authentication methods.
  • Content-aware — enable the enforcement of security policies through monitoring, blocking, or remediation according to content type or classification. This involves setting access and encryption policies according to data priority and limiting availability through the use of tiering or data segregation.

Sources of Data Loss

Data loss falls into two categories: accidental and intentional. Accidental loss occurs primarily due to human error, such as sharing a file to the incorrect person or inadvertently editing the wrong file, and systems failure, such as a third-party application exposing data through an unknown vulnerability or a power surge that damaged a server. Although this type of loss occurs without malicious intent, it still creates liability and can result in regulatory sanctions, fines, and loss of customer trust.

Intentional loss occurs due to the actions of malicious parties, either internal or external. Employees, contractors, or even clients can purposely share data with outside sources if they feel they have been wrongly treated or if there are sufficient motivations for personal gain, such as payouts from third-parties. Frequently, this type of loss occurs through hard copies of data, such as printouts or photographs, or through removable media like USB drives. Attacks through malware, compromised credentials, or phishing techniques can occur despite secure internal relationships when attackers target vulnerabilities in your configuration, those present in third-party integrations, or in human nature. Such attacks can be directed at you or at third-parties with whom you entrust your data.

Why You Need a DLP Solution

It doesn’t make sense to leave your data vulnerable when you can take relatively easy steps to protect it. If this isn’t enough reason for you though, here are some specific reasons to implement a DLP solution.

Increasing Value of Data

Modern businesses rely on data more than ever before, and the amount they produce and control has grown accordingly. This data is often one of the most valuable assets an organization has, making it a tempting target for thieves. The rising financial benefit from stealing data has driven criminal innovation, and the number of attacks attempted has increased.

Gaps Created by BYOD

Employees are increasingly using their own devices for work purposes, such as checking emails from their smartphones or working remotely on personal laptops. These devices can grant employees increased productivity but typically introduce vulnerabilities due to the limitations of security professionals to enforce protocols. The software on personal devices is often out of date or set with data sharing policies that are too liberal and greater use of third-party applications means additional routes of entry to data.

Cloud-Based Services

More and more organizations are moving to cloud-based platforms, which can mean greater security for small organizations lacking dedicated security professionals. However, it often means increased complexity and decreased control for established teams. The nature of cloud services means additional routes of access to data that needs to be protected and a reliance on the provider and other cloud customers, who share the same resources and services as you, to manage security appropriately. A further complication is added when employees use personal cloud storage or cloud-based services during their workday, as security teams may be unaware of their use and unable to protect them properly.

Loss of Revenue and Financial Penalties

When a data breach occurs, it often requires alerting customers and other invested parties, lowering the reputation of a company, and leading to a loss of customers. Even if lost data doesn’t result in a privacy breach, it can decrease the competitiveness of a business when it involves proprietary information or trade secrets, causing a decrease in revenue or an increase in supply costs.

A well organized DLP strategy will help you ensure compliance with regulatory standards and avoid the fines and penalties that come with breaking them. It can make adjusting to regulatory changes simpler by clearly outlining current vulnerabilities and measures taken, and simplifying the identification of areas needing modification. A good strategy will include consistent logging and verification of security systems, making compliance audits, whether official or not, simpler and faster.

Data (computing)

Published at DZone with permission of Eddie Segal. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How to Quickly Build an Audio Editor With UI
  • Using AI and Machine Learning To Create Software
  • Writing a Modern HTTP(S) Tunnel in Rust
  • How To Use Terraform to Provision an AWS EC2 Instance

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: