Plug Your Data Leaks: Integrating Data Loss Prevention into Your Security Stack

$4.35 million. That is the typical complete price of a data-exposing cybersecurity incident, in accordance with the Ponemon Institute’s “Cost of a Data Breach Report 2022.” That is an all-time excessive, up 12.7% from 2020.

Between the potential lack of commerce secrets and techniques, reputational hurt, and regulatory fines associated to knowledge privateness, knowledge breaches can threaten a corporation’s very existence. And for those who do not take proactive measures to stop them, the circumstances that led to 1 breach can simply end in one other. Eighty-three % of breached organizations report having suffered a couple of such occasion.

Knowledge loss prevention, or DLP, refers to a class of cybersecurity options which can be particularly designed to detect and forestall knowledge breaches, leaks, and destruction. These options accomplish that by making use of a mix of knowledge circulate controls and content material evaluation. And in at the moment’s cyber-threat panorama, DLP has turn out to be a primary enterprise want.

The Three States of Knowledge and How DLP Protects Them

There are three foremost states by which knowledge can reside inside a corporation:

  • Knowledge in use: Knowledge is taken into account to be in use when it is being accessed or transferred, both by way of native channels (e.g., peripherals and detachable storage) or functions on the endpoint. An instance may very well be recordsdata which can be being transferred from a pc to an USB drive.
  • Knowledge in movement: Knowledge is taken into account to be in movement when it is transferring between laptop programs. For instance, knowledge that’s being transferred from native file storage to cloud storage, or from one endpoint laptop to a different by way of immediate messenger or electronic mail.
  • Knowledge at relaxation: Knowledge is taken into account to be at relaxation when it is saved, both regionally or elsewhere on the community, and isn’t at present being accessed or transferred.

In fact, most delicate knowledge will change between these states steadily — in some instances, nearly repeatedly — although there are use instances the place knowledge might stay in a single state for its total life cycle at an endpoint.

Equally, there are three major “useful” DLP varieties, every devoted to defending certainly one of these states of knowledge. Listed here are just a few examples of how this will work:

  • Knowledge-in-use DLP programs might monitor and flag unauthorized interactions with delicate knowledge, corresponding to makes an attempt to print it, copy/paste to different areas, or seize screenshots.
  • Knowledge-in-motion DLP detects whether or not an try is being made to switch (confidential) knowledge exterior of the group. Relying in your group’s wants, this will embrace doubtlessly unsafe locations, corresponding to USB drives or cloud-based functions.
  • Knowledge-at-rest DLP permits a holistic view of the situation of delicate knowledge on an area endpoint or community. This knowledge can then be deleted (if it is misplaced), or sure customers’ entry to it blocked relying in your safety insurance policies.

Not all potential sources of a knowledge breach are nefarious — they’re usually the results of good old school human error. Nonetheless, the impression is simply as actual whether or not delicate info is deliberately stolen or just misplaced.

DLP Structure Varieties

DLP options might be categorized primarily based on their architectural design:

  • Endpoint DLP options use endpoint-based DLP brokers to stop knowledge in use, knowledge in movement, and knowledge at relaxation from leaking — no matter whether or not they’re used solely inside a company community or uncovered to the Web.
  • Community/cloud DLP options use solely network-resident parts — corresponding to {hardware}/digital gateways — to guard knowledge in movement or at relaxation.
  • Hybrid DLP options make the most of each network- and endpoint-based DLP parts to carry out the performance of each endpoint and community DLP architectures.

It is necessary to notice that as a result of nature of their structure, community DLP options can’t successfully safeguard knowledge in use: It stays weak to purely native actions, like unauthorized printing and display screen capturing.

Adopting DLP Is Extra Essential Than Ever

The advantages of a powerful DLP program are clear. By taking proactive steps to slash the chance of knowledge loss and leakage, organizations can obtain some highly effective advantages:

  • Extra simply reaching and sustaining compliance with related knowledge privateness rules, such because the GDPR and HIPAA
  • Defending mental property and commerce secrets and techniques
  • Strengthening safety in an period of widespread distant work and BYOD insurance policies
  • Minimizing the potential impression of human error and negligence

Bigger enterprises might select to undertake on-premises DLP options — and for some, this can be the proper alternative. However organising a profitable DLP program is advanced and resource-intensive, and it requires fine-tuning over an prolonged time frame. Companies may also have to deliver aboard specialised specialists with related expertise. These with out such a group already in place will doubtless discover it extra environment friendly to work with a managed service supplier (MSP) for his or her DLP wants.

In flip, MSPs are turning to companions to assist them construct out these Advanced DLP choices to assist stop knowledge leakage from purchasers’ workloads.

Whether or not you handle your DLP in-house or flip to a vendor to assist, it’s a crucial a part of a contemporary, and future, safety stack.

Concerning the Writer


Iliyan Gerov is a Senior Product Advertising and marketing Specialist at Acronis.


Leave a Reply

Your email address will not be published. Required fields are marked *