TechDogs-Your What, Why And How To "Data Loss Prevention": Part 1

IT Security

Your What, Why And How To Data Loss Prevention: Part 1

By TechDogs Editorial Team

TechDogs
Overall Rating

Overview

What does Toy Story 2, the Titanic and Under Armour all have to do with Data Loss Prevention (DLP)? Read this article for a mini crash course in Data Loss Prevention. In this two-part series, we unfold how data loss occurs, what needs to be done to prevent it and the tech that drives it. We will also be sharing 'How to small talk DLP to make you look like an expert'.

Read on already!
TechDogs-Prevent Data From Entering The Dark Side-"Data Loss Prevention": Part 1

In 2018, the health and fitness world spun into a tizz. Under Armour, owner of fitness tracking app MyFitnessPal (at the time, the top-grossing fitness app in the US), experienced a huge data breach when they lost 150 million account holders' email addresses, usernames and encrypted passwords. Under Armour took just four days to alert account holders of the breach, urging everyone to change their passwords while assuring their payment information's safety.
 
Afterward, Under Armour pulled their (sports) socks up and introduced Data Loss Prevention measures to reduce the risk of this happening again. The Under Armour example is notable because of the number of account holders it affected. Not everyone has 150 million records. Heck, most people don't even have 15,000. Whether your database consists of 10 million, 10,000 or 10, once someone trusts you with their information, they expect you to keep it safe. Now let's learn more about how.


What Is Data Loss?

 
Data loss is your Why; the reason your organization should care about keeping its data safe - But why does your Why matter?
 
Let's return to our Under Armour example. So, someone sees what you ate yesterday and that you go for yoga every Thursday - so what? The payment information wasn't compromised. The truth is that payment information isn't the good stuff. The real value lies in your email address and password.

You see, humans aren't that bright. We're creatures of habit. In the animal kingdom, we'd be the lumbering wildebeest that drink at the same watering hole every day. Except our watering holes are internet log-in pages. Most humans use the same or a similar password for everything, from their Etsy account to their Instagram sign-in and hackers are the hyenas hiding out at that watering hole, waiting for us to show up and drink. When your password is exposed, hackers go for the jugular, potentially accessing critical data, like your social security number, your address and even your credit history - everything in a nutshell needed to make your life a misery.


Oh God Almighty!! Is There A Difference Between Data Loss And A Data Breach?

 
TechDogs-Is There A Difference Between "Data Loss And A Data Breach"-Difference Between Data Loss And A Data Breach

Data has three states. It's either waiting to be used, moving from one place to another or being used (Data eggheads call this at rest, in motion and in use). Data loss occurs when you lose control of your data movement, which includes insider threat like losing track of where it exists, how people are using it and how securely it's stored.

When Frederick Fleet, the Titanic lookout, shouted out, "Iceberg, right ahead," there was no confusion over what he meant. If, however, you were to walk into an office and shout, "Oh no! Data loss!" there might be. Most people equate data loss with a data breach where, like with Under Armour, data has intentionally been stolen for personal gain or malicious intent. However, a data breach is just the tip of the data loss iceberg. Beneath the surface, data loss also covers data corruption, accidental file deletion, physical damage to a data storage device and a computer virus.

Here are some of the different types of data loss everyone in your organization should be aware of:
 
  • Human Error

    Around 25% of data loss instances happen because of human error. They include team members accidentally deleting or overwriting data files, losing data storage devices (like when you leave your mobile phone on the train) or downloading sensitive data to a personal device to "work on at home."

  • File Corruption

    What does a power outage, a computer virus, a system crash and a software update error all have in common? They all corrupt files. That was the world's worst joke but losing gigabytes of data is no joke either.

  • Hardware

    Up to 40% of data loss incidences occur because of hardware failure, which can happen if your computer overheats or gets damaged.

  • Acts of God

    Floods, hurricanes, earthquakes, tropical storms, lightning strikes, mass power cuts - unsurprisingly, electrical equipment doesn't respond well to catastrophes.

 
Think data loss affects only customer files? Think again.

In the winter of 1998, when creating Toy Story 2, someone at Disney Pixar ran a line of code that deleted 90% of the artwork - over a year's worth of work gone in seconds! The team wasn't too concerned at first. The file was backed up regularly, so it equated to only half a day's work lost - or would have, if the backup files hadn't failed to sync for the past month. Disney Pixar had no film, no backup and a 1999 launch date. Luckily, one of the animators was a new mom who had a backup from when she worked from home. Using her files, they were able to restore 70% of the lost film. PHEW! is an understatement. The Disney Pixar example wasn't an act of sabotage and was far from intentional. It was simply a double whammy of human error and hardware failure.


What Is Data Loss Prevention?

 
Data Loss Prevention (DLP) isn't one thing but a program that allows you to monitor and protect your data. If data loss is your Why, Data Loss Prevention is your What. It's what you hope to achieve and what you need to do to get there.

It takes some work but if DLP were a Hollywood actress, it would flick its hair and tell you it's worth it. DLP has no hair to flick but it is worth it. Some of the benefits of implementing a Data Loss

Prevention Program includes:
  • Keeps sensitive data secure.

  • Protects organizations and individuals from lawsuits or credibility loss because of lapse data security measures.

  • Automatically encrypts data.

 
DLP falls into two categories: Enterprise DLP and Integrated DLP.

Enterprise DLP is an all-singing, all-dancing DLP solution. It's a standalone product and most suited to - you've guessed it - large enterprises. Despite the glaringly obvious clue in the name, many non-enterprise organizations opt for an enterprise DLP. Maybe they don't realize they have another choice; perhaps they're anxious about covering all bases. Either way, unless you're a vast global organization, you're unlikely to use even half of an enterprise solution's capabilities. In which case, an Integrated DLP will be just fine. An integrated DLP is a smaller subset of features that you integrate into your existing security product in a system. It has limitations but it's a fraction of an enterprise solution's cost and is all smaller organizations need. #BeSmartHere
 

How Does DLP Work?

 
The back-of-an-envelope definition of DLP is that it monitors how people use your data and prevents behaviors that put your data security team at risk. Cisco defines Data Loss Prevention as "... a set of technologies, products and techniques that are designed to stop sensitive information from leaving an organization." Both definitions are a little like saying Darth Vader is a mean guy. He's more complex than that and so is DLP. Which is why it's just easier to get stuck into how DLP works rather than try and explain it in one sentence.

DLP's success starts with you telling it your business rules around data, such as:
  • What data is and isn't sensitive?

  • How do you want to treat your data?

  • Who has access to your data?

 
Once you answer these questions, you can decide upon your DLP architecture.
 

What Is DLP Architecture?

 
TechDogs-What Is "Data Loss Prevention Architecture"-Data Loss Prevention Is As Complicated As Darth Vader-Reference GIF From Star Wars

DLP architecture plays an essential role in Data Loss Prevention. Remember when we said that DLP is as complicated as Darth Vader? This is where we get into “Luke, I am your father” territory.

DLP architecture is a fancy way of saying, ‘This is the type of data I have; this is where it lives; this is what I do with it.’ There are four different types of DLP architecture and their suitability depends on the systems you use, how you store information and your data’s state. The types of DLP are:
 
  • Endpoint DLP protects your data where it lives. An endpoint is a physical desktop or laptop, a virtual desktop, removable storage (like a USB) or a web application. Basically, anywhere data can exist as a saved file.

  • Network DLP prevents unauthorized data from moving in, around and out of your network through platforms like email, web transfer sites and FTP (File Transfer Protocol).

  • Cloud DLP monitors and analyzes data as you upload and download it into a cloud platform like Google Drive or Dropbox. It also audits the data already living in the cloud.

  • Storage DLP protects resting data. Whether you store it on a server, in a database, on an endpoint or in the cloud, storage DLP identifies and monitors what sits where.

 
With your business rules and DLP architecture in place, you’re ready to go forth and spread the DLP word among your employees.
 
In Part 1 of our dive into Data Loss Prevention, you learned that data protection goes so much deeper than some guy in a hoodie hacking into your sales records. It also covers accidental file saves and shares, lost laptops and power outages. You can (and should) incorporate Data Loss Prevention software, a less sinister Darth Vader, a less obvious iceberg that consists of complex DLP architectures, multiple storage points and business rules to keep your confidential data safe acting as a digital guardian. If you're ever at a function making DLP small talk, you now also have a cool story to tell about how Jessie and Bullseye almost disappeared into obscurity. #Bonus  

Join us in Part 2 , when we get up close and personal with DLP software. We discuss why these three little letters are so intrinsic to your business's infrastructure; delve into what's driving DLP change and its adoption; soak up the benefits of a Data Loss Prevention strategy and dig out our crystal ball as we prophesize the future of DLP.

Frequently Asked Questions

What is data loss, and why does it matter?


Data loss refers to the unauthorized or accidental destruction, alteration, or inability to access data. In simpler terms, it's the loss of valuable information that an organization possesses. Data loss matters because it can lead to severe consequences, such as compromised security, financial loss, damaged reputation, and legal implications. For example, losing sensitive data like email addresses and passwords can expose individuals to identity theft or fraud. Thus, organizations must prioritize safeguarding their data to prevent such risks and maintain trust with their stakeholders.

Is there a difference between data loss and a data breach?


Yes, there is a distinction between data loss and a data breach, although they are often conflated. Data loss encompasses various scenarios where data becomes inaccessible or compromised, including accidental deletion, corruption, or hardware failure. On the other hand, a data breach specifically involves unauthorized access to data by external parties for malicious purposes. While a data breach is a type of data loss, not all data loss incidents involve malicious intent. Understanding this difference is crucial for implementing effective strategies to prevent and mitigate the impact of both data loss and data breaches on an organization's operations and reputation.

What is data loss prevention (DLP) and how does it work?


Data loss prevention (DLP) is a comprehensive strategy and set of technologies designed to prevent sensitive data from being lost, leaked, or stolen. It works by monitoring and analyzing data usage patterns, detecting potential security threats or policy violations, and taking proactive measures to mitigate risks. DLP solutions can enforce security policies, such as encryption or access controls, to ensure that sensitive data remains protected across various endpoints, networks, and storage locations. By implementing DLP measures, organizations can enhance their data security posture, comply with regulations, and safeguard confidential information from unauthorized disclosure or misuse.

Enjoyed what you've read so far? Great news - there's more to explore!

Stay up to date with the latest news, a vast collection of tech articles including introductory guides, product reviews, trends and more, thought-provoking interviews, hottest AI blogs and entertaining tech memes.

Plus, get access to branded insights such as informative white papers, intriguing case studies, in-depth reports, enlightening videos and exciting events and webinars from industry-leading global brands.

Dive into TechDogs' treasure trove today and Know Your World of technology!

Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. All information / content found on TechDogs' site may not necessarily be reviewed by individuals with the expertise to validate its completeness, accuracy and reliability.

Join The Discussion

- Promoted By TechDogs -

IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment