IT Security
Your What, Why And How To Data Loss Prevention: Part 1
By TechDogs Editorial Team
Share
Overview
Read on already!
In 2018, the health and fitness world spun into a tizz. Under Armour, owner of fitness tracking app MyFitnessPal (at the time, the top-grossing fitness app in the US), experienced a huge data breach when they lost 150 million account holders' email addresses, usernames and encrypted passwords. Under Armour took just four days to alert account holders of the breach, urging everyone to change their passwords while assuring their payment information's safety.
What Is Data Loss?
You see, humans aren't that bright. We're creatures of habit. In the animal kingdom, we'd be the lumbering wildebeest that drink at the same watering hole every day. Except our watering holes are internet log-in pages. Most humans use the same or a similar password for everything, from their Etsy account to their Instagram sign-in and hackers are the hyenas hiding out at that watering hole, waiting for us to show up and drink. When your password is exposed, hackers go for the jugular, potentially accessing critical data, like your social security number, your address and even your credit history - everything in a nutshell needed to make your life a misery.
Oh God Almighty!! Is There A Difference Between Data Loss And A Data Breach?
Data has three states. It's either waiting to be used, moving from one place to another or being used (Data eggheads call this at rest, in motion and in use). Data loss occurs when you lose control of your data movement, which includes insider threat like losing track of where it exists, how people are using it and how securely it's stored.
When Frederick Fleet, the Titanic lookout, shouted out, "Iceberg, right ahead," there was no confusion over what he meant. If, however, you were to walk into an office and shout, "Oh no! Data loss!" there might be. Most people equate data loss with a data breach where, like with Under Armour, data has intentionally been stolen for personal gain or malicious intent. However, a data breach is just the tip of the data loss iceberg. Beneath the surface, data loss also covers data corruption, accidental file deletion, physical damage to a data storage device and a computer virus.
Here are some of the different types of data loss everyone in your organization should be aware of:
-
Human Error
Around 25% of data loss instances happen because of human error. They include team members accidentally deleting or overwriting data files, losing data storage devices (like when you leave your mobile phone on the train) or downloading sensitive data to a personal device to "work on at home."
-
File Corruption
What does a power outage, a computer virus, a system crash and a software update error all have in common? They all corrupt files. That was the world's worst joke but losing gigabytes of data is no joke either.
-
Hardware
Up to 40% of data loss incidences occur because of hardware failure, which can happen if your computer overheats or gets damaged.
-
Acts of God
Floods, hurricanes, earthquakes, tropical storms, lightning strikes, mass power cuts - unsurprisingly, electrical equipment doesn't respond well to catastrophes.
In the winter of 1998, when creating Toy Story 2, someone at Disney Pixar ran a line of code that deleted 90% of the artwork - over a year's worth of work gone in seconds! The team wasn't too concerned at first. The file was backed up regularly, so it equated to only half a day's work lost - or would have, if the backup files hadn't failed to sync for the past month. Disney Pixar had no film, no backup and a 1999 launch date. Luckily, one of the animators was a new mom who had a backup from when she worked from home. Using her files, they were able to restore 70% of the lost film. PHEW! is an understatement. The Disney Pixar example wasn't an act of sabotage and was far from intentional. It was simply a double whammy of human error and hardware failure.
What Is Data Loss Prevention?
It takes some work but if DLP were a Hollywood actress, it would flick its hair and tell you it's worth it. DLP has no hair to flick but it is worth it. Some of the benefits of implementing a Data Loss
Prevention Program includes:
-
Keeps sensitive data secure.
-
Protects organizations and individuals from lawsuits or credibility loss because of lapse data security measures.
-
Automatically encrypts data.
Enterprise DLP is an all-singing, all-dancing DLP solution. It's a standalone product and most suited to - you've guessed it - large enterprises. Despite the glaringly obvious clue in the name, many non-enterprise organizations opt for an enterprise DLP. Maybe they don't realize they have another choice; perhaps they're anxious about covering all bases. Either way, unless you're a vast global organization, you're unlikely to use even half of an enterprise solution's capabilities. In which case, an Integrated DLP will be just fine. An integrated DLP is a smaller subset of features that you integrate into your existing security product in a system. It has limitations but it's a fraction of an enterprise solution's cost and is all smaller organizations need. #BeSmartHere
How Does DLP Work?
DLP's success starts with you telling it your business rules around data, such as:
-
What data is and isn't sensitive?
-
How do you want to treat your data?
-
Who has access to your data?
What Is DLP Architecture?
DLP architecture plays an essential role in Data Loss Prevention. Remember when we said that DLP is as complicated as Darth Vader? This is where we get into “Luke, I am your father” territory.
DLP architecture is a fancy way of saying, ‘This is the type of data I have; this is where it lives; this is what I do with it.’ There are four different types of DLP architecture and their suitability depends on the systems you use, how you store information and your data’s state. The types of DLP are:
-
Endpoint DLP protects your data where it lives. An endpoint is a physical desktop or laptop, a virtual desktop, removable storage (like a USB) or a web application. Basically, anywhere data can exist as a saved file.
-
Network DLP prevents unauthorized data from moving in, around and out of your network through platforms like email, web transfer sites and FTP (File Transfer Protocol).
-
Cloud DLP monitors and analyzes data as you upload and download it into a cloud platform like Google Drive or Dropbox. It also audits the data already living in the cloud.
-
Storage DLP protects resting data. Whether you store it on a server, in a database, on an endpoint or in the cloud, storage DLP identifies and monitors what sits where.
Join us in Part 2 , when we get up close and personal with DLP software. We discuss why these three little letters are so intrinsic to your business's infrastructure; delve into what's driving DLP change and its adoption; soak up the benefits of a Data Loss Prevention strategy and dig out our crystal ball as we prophesize the future of DLP.
Frequently Asked Questions
What is data loss, and why does it matter?
Data loss refers to the unauthorized or accidental destruction, alteration, or inability to access data. In simpler terms, it's the loss of valuable information that an organization possesses. Data loss matters because it can lead to severe consequences, such as compromised security, financial loss, damaged reputation, and legal implications. For example, losing sensitive data like email addresses and passwords can expose individuals to identity theft or fraud. Thus, organizations must prioritize safeguarding their data to prevent such risks and maintain trust with their stakeholders.
Is there a difference between data loss and a data breach?
Yes, there is a distinction between data loss and a data breach, although they are often conflated. Data loss encompasses various scenarios where data becomes inaccessible or compromised, including accidental deletion, corruption, or hardware failure. On the other hand, a data breach specifically involves unauthorized access to data by external parties for malicious purposes. While a data breach is a type of data loss, not all data loss incidents involve malicious intent. Understanding this difference is crucial for implementing effective strategies to prevent and mitigate the impact of both data loss and data breaches on an organization's operations and reputation.
What is data loss prevention (DLP) and how does it work?
Data loss prevention (DLP) is a comprehensive strategy and set of technologies designed to prevent sensitive data from being lost, leaked, or stolen. It works by monitoring and analyzing data usage patterns, detecting potential security threats or policy violations, and taking proactive measures to mitigate risks. DLP solutions can enforce security policies, such as encryption or access controls, to ensure that sensitive data remains protected across various endpoints, networks, and storage locations. By implementing DLP measures, organizations can enhance their data security posture, comply with regulations, and safeguard confidential information from unauthorized disclosure or misuse.
Enjoyed what you've read so far? Great news - there's more to explore!
Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.
Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.
Dive into TechDogs' treasure trove today and Know Your World of technology!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.
Tags:
Related Introductory Guides By TechDogs
Everything You Need To Know About Electronic Health Record
By TechDogs Editorial Team
Backup Your Business With Enterprise Backup Solutions
By TechDogs Editorial Team
A Simple Guide To Manufacturing Execution Systems
By TechDogs Editorial Team
Why You Need Conversion Rate Optimization (CRO) Tools
By TechDogs Editorial Team
Let The Creativity Flow With Content Creation Platforms
By TechDogs Editorial Team
Everything You Need To Know About Integration Testing
By TechDogs Editorial Team
Integrate It Right With System Integration Software!
By TechDogs Editorial Team
Everything About The Payroll Management Software
By TechDogs Editorial Team
All About Enterprise Architecture Management Software
By TechDogs Editorial Team
A Beginner’s Guide To Competitive Intelligence Tools
By TechDogs Editorial Team
The What, Why And How Of Customer Analytics Solutions
By TechDogs Editorial Team
A Rookie's Guide To IT Operations Management Software
By TechDogs Editorial Team
All You Need To Learn About Server Virtualization Software
By TechDogs Editorial Team
Related Content on IT Security
Related News on IT Security
Darktrace Appoints Chris Kozup As Chief Marketing Officer
Thu, May 25, 2023
By PR Newswire
Sysdig Named a Top 10 Security Provider by G2 Reviewers
Tue, Feb 14, 2023
By Business Wire
Devo Security Data Platform Attains FedRAMP® Authorization
Tue, Jan 9, 2024
By PR Newswire
Perimeter 81 Announces Integration With ConnectWise PSA
Wed, Feb 15, 2023
By Business Wire
Nisos Announces Comprehensive Managed Intelligence Suite
Tue, Apr 4, 2023
By Business Wire
UK NHS Trusts Challenged by Attack Surface Complexities
Mon, Jun 19, 2023
By Business Wire
Join The Discussion