Friday, April 27, 2018

Data Loss Prevention

Data Loss Prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical
information outside the corporate network.

For example, if an employee tried to forward business email outside the corporate domain or upload
a file to a consumer cloud service like Dropbox, the employee would be denied permission.

How to implement?

  • A DLP product can discover and identify Intellectual Property (IP), and can even be trained to tell the difference between your IP and the IP of your business partners. It can alert you when someone tries to copy or share PI or IP, and it can block or encrypt attempts to email, IM, blog, copy, or print this sensitive data.
  • When choosing a DLP product, organizations should check whether the product supports the data formats in which data is stored in their environment.
  • After choosing a DLP product, the implementation should start with a minimal base so that false positives can be handled, and the base should grow as more critical or sensitive data is identified.
  • Identify potential places where PCI information might leak. For most organizations it is recommended to inspect the following channels:
      • Email – Consider all outbound email traffic, including attachments.
      • Web traffic – Gmail and other web mail providers, Facebook and other social media sites should be monitored.
      • Other protocols – In particular, unencrypted communications should not cross the organizational firewall without the information first being identified.
      • Data storage – Identify and categorize the information on all storage under the organization's control, including file servers, file shares, SAN, SharePoint servers, user home directories, workstations and laptops, in order to determine the assets requiring review and inspection.
      • USB, DVD – Consider workstations that allow USB mass storage or DVD burning, and any devices that can be physically disconnected and carried away.
  • Scan data stores for PCI information. Once assets have been determined, identify any potential regulated or sensitive information on each information asset.
  • Apply controls. Repeat these steps until a satisfactory level of understanding is developed, in the form of a map to the protected information, and appropriate controls are in place and understood by the stakeholders and system users.
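As an added example (not part of the original post), here is a minimal inspector for the email channel that flags PCI data the way the steps above describe: a candidate card-number pattern combined with a Luhn check, so that ordinary digit runs such as order numbers do not raise false positives, and an alert that only ever shows the last four digits. The pattern, the sample message and the function names are constructed for this illustration.

```python
import re
from typing import Dict, List

# Candidate primary account number (PAN): 13 to 19 digits, optionally separated by
# single spaces or dashes, not embedded in a longer digit run. Constructed for this
# example; a real DLP product ships tuned, per-brand patterns.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample of an outbound message on the email channel. 4111 1111 1111 1111
# is a widely published test card number, not a real account.
SAMPLE_EMAIL = (
    "Hi, please charge the deposit to my card 4111 1111 1111 1111, exp 12/29.\n"
    "Reference order 1234567890123456 and ticket 2018042712 in the subject line."
)

def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; rejects most arbitrary digit runs (order numbers, IDs)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> List[str]:
    """Return Luhn-valid card numbers found in text, as plain digit strings."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits

def mask(pan: str) -> str:
    """Keep only the last four digits so the alert itself does not leak the PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]

def inspect_message(channel: str, text: str) -> Dict[str, object]:
    """Policy decision for one outbound message: block if any PAN is present."""
    pans = find_pans(text)
    return {
        "channel": channel,
        "action": "block" if pans else "allow",
        "matches": [mask(p) for p in pans],
    }

if __name__ == "__main__":
    print(inspect_message("email", SAMPLE_EMAIL))
```

The same `inspect_message` call can be fed text extracted from attachments, web form posts or files on a scanned share, which is how the one detector covers several of the channels listed above.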
