Data Loss Prevention, commonly referred to as DLP, refers to policies, technologies, and controls used by organizations to prevent accidental leaks, misuse, or intentional theft of sensitive data by users, malicious insiders, or external attackers. Strategies can include forcing encryption of shared data, restricting access to sensitive data to only those employees with legitimate needs, blocking access to unapproved external data stores, and sending data to personal email addresses.
Why DLP is Important to Your Organization
Protecting sensitive data is critical to all organizations. The data can include source code, customer lists, financial forecasts, trade secrets, and product plans. A data breach can present a variety of consequences, including:
- Compliance Penalties – Breaches that result in the loss of Personally Identifiable Information (PII) and Personal Health Information (PHI) or leaked financial data can trigger regulatory penalties under HIPAA, GDPR, PCI-DSS, Section 5 of the FTC Act, the California Consumer Privacy Act, and dozens of other regulatory requirements.
- Operational Risk – Trade secrets, customer lists, product designs, and other corporate IP stolen by competitors and disgruntled or departing employees can eliminate competitive advantages.
- Reputational Risk – A breach of any confidential information can negatively affect revenue and damage a firm’s reputation for years.
How Does Data Loss Prevention Work?
The traditional, 3 approach to DLP requires organizations to identify and classify all sensitive data in the organization, then build granular rules to dictate which users are allowed to execute which actions with each class of data. Once the rules are in place, security teams monitor alerts for policy violations or set the tools to automatically ‘block’ actions.
There are several problems with this approach. The most obvious is scalability. Data is not static. New types of data are constantly developed, and each requires new classifications and a new set of policies to control which users (or set of users) are allowed to use, move, modify, or print the data. While the granular rules may work for a small team, as an organization grows the ability to maintain policies that protect data and allow unfettered use of the data by legitimate users becomes impossible.
This leads to a second problem; blocking data exfiltration. Strict, granular rules frustrate users and lead to false positives that hamper productivity; therefore ‘blocking’ capabilities are almost never enabled in traditional DLP tools. Therefore, traditional DLP often becomes a tool that reports only when data has already been stolen.
How DTEX Zero Trust DLP is Different
A better approach follows a Zero Trust model that accounts for the context of each action based on the analysis of data from users, devices, networks, and applications. Sensitive data is still identified and classified, but more important is understanding how data is used. These observations are stored in a Risk Index and associated with the risk object, whether that is a user or device.
DTEX’s Zero Trust approach does not generate alerts for discrete events. Instead, it maintains a risk score for every user and activity to identify patterns or sequences of potentially related attributions. This allows teams to identify and correct risky but non-malicious activity sooner, proactively mitigating risk and eliminating false positives. By accurately analyzing contextual data to identify user intent, a Zero Trust approach help teams respond quickly and appropriately across all threat vectors. Once the context of intent is clear, multiple actions can stop the activity before data is put at risk. If an action requires blocking, it is based on the risk score of the individual – not the data.
Privacy by Design
DTEX InTERCEPT for Zero Trust Data Loss Prevention demystifies the context and intent of human behaviors without violating the trust and privacy of employees. DTEX uses a patented ‘Privacy by Design’ approach, minimizing excess (and unnecessary) data collection and using pseudonymization to mask data elements on individual employees by default.
File Lineage Forensics & Auditing
DTEX provides a full audit history on file activity including who and when each file was created, modified, aggregated, obfuscated, archived, encrypted, and deleted. This enables a real-time, contextual understanding of the severity of ‘indicators of intent’ of a data loss event.
How to Get Started with Zero Trust DLP
A successful Zero Trust DLP program can be achieved at scale by following a few key principles:
Educate users: Employees who understand the strategic reasons for DLP are more accepting of the solution. Helping them understand what data is collected and how it will remove friction.
Identify and classify data: It is obvious that to protect data you must first know where it resides. This includes ‘shadow IT’ and unauthorized applications used by employees.
Understand risks and threats: Every employee who handles data presents risk simply because people make mistakes. Insider threats will provide indicators of malicious intent such as reconnaissance, obfuscation, circumvention, and aggregation.
Don’t rely on granular policies: As noted, granular policies do not scale and frustrate legitimate users. Look for solutions that provide context around actions to reduce false positives.
Respect user privacy: An engaged workforce is more productive. Intrusive solutions that monitor keystrokes and capture video can undermine trust in an organization and lead to less engagement. Collect only the data that is required to mitigate risk and threats. Use pseudonymization to mask individual user identities until circumstances warrant deeper investigations.
Contact us for a discussion on how you can leverage Zero Trust into your DLP strategy.