Story image

For YOUR eyes only: Data loss prevention strategies

25 Jul 2016

It’s your job as the security professional at your company to prevent the loss of critical or sensitive data.

Your financial data is valuable to cyber-criminals. Your IP is valuable to competitors and spies. Your HR data, including salaries, is best kept secret. It’s not just good business… it’s the law. New Zealand’s Privacy Act (Principle 5, Storage and security of personal information) states that ‘An agency that holds personal information shall ensure that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss’. In other words, if you hold sensitive information, you’d better keep it safe.

But as networks get more complex and the attack surface expands, your job is not getting any easier. “Data loss prevention (DLP) is getting more attention, thanks in part to the Panama Papers data leak,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “This was a wake-up call to every business: protect what you hold or face the consequences…which are not pleasant.”

DLP: Applied across the entire network

DLP is a systems-based solution applied across the entire distributed network, including endpoints, local and distributed networks, data centres, cloud services, applications and web and e-mail services in order to prevent end users from sending sensitive or valuable information to unauthorised users and devices. An effective DLP strategy is also a valuable tool for IT administrators, enabling them to create, refine and enforce policy, gain broad visibility into data flow, filter data streams on the network and protect data at rest, in motion or in use.

Customers, employees, contractors, and business partners all want to access critical business data and network resources. “The number and kinds of devices used to access this data are expanding rapidly,” notes Khan, “from smartphones and tablets to personal laptops that are increasingly not controlled by IT. At the same time, critical data is being stored offsite on a variety of third-party platforms, something known in the industry as Shadow IT.”

“Traditional network perimeters are changing,” he continues. “Users expect to be able to access any information, from any location, at any time, using any device. But the imperative stays the same: you need to protect and preserve critical, sensitive or confidential data in the midst of a rapidly expanding environment where traditional security solutions are less and less relevant.”

Policy comes first

DLP is achieved through the coordination of many different components. The first, and most essential, is a strong policy and governance strategy. If you can describe and map it, you can protect it. Your security policy is the blueprint from which you can build your security fabric.

After a policy is in place, you can then enhance your network to discover, analyse and secure data. Using a combination of specific data management and control tools, content-aware security devices and solutions and the ability to leverage the services that already exist in your network, you can create a workable and manageable DLP profile.

An effective strategy

An effective data loss prevention strategy, therefore, needs to include:

1) Preparation and planning as you adopt new network technologies, strategies and devices

2) Designing and implementing collaborative and adaptive security as an integral part of your network architecture

3) Continuous assessment and automated response to threats as they occur

4) Implementing forensic tools that allow you to immediately trace an event to its source, identify compromised devices inside your network and optimise your environment to prevent future breaches.

“DLP isn’t a black hole or amorphous concept,” concludes Khan. “It’s a policy, tools and the resources to enforce. Done systematically, you can implement DLP without having to redesign your network. An additional appliance or upgrade here and a reconfiguration there and you should be able to fast track DLP implementation. At Fortinet, it’s one of our specialities. Give us a call and we’ll put you in touch with a local Partner who can help you keep your data ‘for your eyes only.”

For further information, please contact:

Andrew Khan, Senior Business Manager
M: 021 819 793

David Hills, Solutions Architect
M: 021 245 0437

Hugo Hutchinson, Business Development Manager
P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager
M: 021 241 6946

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.