How data outflows can be prevented
Many companies find it difficult to maintain control over their data, especially since employees are increasingly working remotely and using a wide range of cloud services and AI tools. Data loss prevention (DLP) can prevent the outflow of sensitive information, but its implementation is considered complex and time-consuming.

Data volumes in companies are growing, and with them the challenges of data protection. Data is no longer primarily stored on well-secured internal servers, but flows constantly back and forth between end devices inside and outside the company network, local infrastructures and clouds, as well as new AI tools. Traditional security concepts cannot keep up with this diversity and dynamism - companies need to focus on the data itself and regulate in detail what can and cannot be done with it. Solutions for data loss prevention (DLP) help with this. In the experience of the IT security service provider Forcepoint, the following approach has proven successful when introducing them:
- Step 1: Define goals and use cases
First of all, companies need to clarify what goals they want to achieve with the introduction of a DLP solution: Is it about protecting valuable intellectual property or regulatory requirements, for example in relation to data protection? Should a secure basis for hybrid working models be created or is the focus on the introduction of new cloud services and AI tools that should not lead to data leaks? Based on this, companies can create a risk profile that includes the different types of data to be protected, the channels through which it can flow and the consequences of data outflows.
- Step 2: Set up implementation plan
Once it has been determined which data and channels are to be protected, a roadmap for the DLP introduction can be defined. To do this, companies need to get all stakeholders on board and clarify responsibilities, such as who will take care of installation and integration into the existing infrastructure, who will optimize policies and who will handle incidents. A timetable can then be worked out together, taking into account the available personnel resources and also allowing time for testing.
- Step 3: Define guidelines and workflows
Once the project management preparations have been completed, the guidelines that the DLP solution will later enforce can be drawn up. To do this, experts from the specialist departments should be consulted to help assess what impact the loss or theft of data would have. Based on this, actions can be defined for activities such as sending data by email or uploading it to the cloud. For non-critical data, logging is usually sufficient; for other data, a warning, an approval process or blocking of the action is possible, depending on the channel and criticality. Encryption can also be enforced, for example when saving documents on USB sticks. It is important that actions are initiated as automatically as possible in order to reduce the workload of the security team and avoid delays for users. Only events with unknown effects should require manual intervention: The relevant workflows - Who looks at the incident? Who decides on the measures? - are also defined in this project phase.
- Step 4: Introduce DLP and use it for monitoring
Now comes the actual installation and configuration of the DLP solution. Before it is fully activated and the policies are enforced, it should initially be used largely passively - only for monitoring. This gives companies an insight into all data movements and the potential impact of their policies. If they turn out to be too restrictive, they can still make adjustments. Only policies that concern highly critical activities such as the mass upload of data to suspicious destinations on the Internet should actually be enforced at this stage. Furthermore, it often makes sense not to start the DLP deployment company-wide, but with one channel such as email or cloud, with one department or with one region.
- Step 5: Start enforcing policies
Once the fine-tuning of the policies has been completed, they can finally be enforced - here too, it is advisable to take a step-by-step approach and start with the most critical data and channels, for example. However, a close look at monitoring is still recommended to ensure that employees are not hindered in legitimate activities and that policies are adjusted quickly if necessary. It is also ideal if the DLP solution does not rely on rigid guidelines, but takes into account the context of activities and changes guidelines according to the risk. After all, it is often only the context that shows whether an action is harmless or security-critical, for example because the user accesses data at unusual times or from unusual locations or suddenly downloads significantly larger amounts of data than in their previous working day.
- Step 6: Make optimizations
Once the actual DLP implementation has been completed, it is time for analysis and optimization. If, for example, certain risky behavioral patterns emerge in the workforce, companies can provide targeted training. The effectiveness of the guidelines should also be continuously monitored. Ultimately, just like the introduction of DLP, data security is not a one-off action that is completed at some point, but should be continually optimized to take account of new technologies, tools, data types and threats.
- Step 7: Deploy DLP company-wide
The DLP implementation is completed with the extension of protection to the remaining data types and channels that were not yet considered in steps 4 and 5. If a modern DLP solution is used, the existing policies can easily be applied to other channels, which is why the effort involved is manageable. If necessary, existing policies can also be replicated and adapted if a channel has special requirements.
- Step 8: Extend DLP to DSPM
Expanding a DLP solution to a complete Data Security Posture Management (DSPM) can significantly improve the effectiveness of policies. DSPM offers functions for automatic data discovery and data classification so that companies do not overlook any data assets and have less manual effort. DSPM also helps to detect and eliminate excessive permissions for files, thus further reducing the risk of security breaches. This makes it easier to implement least privilege principles. Last but not least, DSPM also identifies data that is redundant, outdated or superfluous and can be deleted to reduce storage costs.
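
As an added illustration that is not from Forcepoint or any DLP product, the following Python evaluator combines the graded actions from step 3, the monitoring phase from step 4 and the context-dependent escalation from step 5. The data classes, channels, thresholds (working hours 7 to 19, five times the usual volume), sample events and function names are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

ACTIONS = ["log", "warn", "approve", "block"]  # least to most restrictive

# Constructed matrix: (data class, channel) -> baseline action (step 3).
POLICY = {
    ("internal", "email"): "log",
    ("internal", "cloud"): "warn",
    ("confidential", "email"): "approve",
    ("confidential", "cloud"): "block",
}

@dataclass
class Event:
    user: str
    data_class: str
    channel: str
    hour: int             # local hour of the activity, 0-23
    known_location: bool
    size_mb: float
    baseline_mb: float    # user's typical daily transfer volume

def risk_steps(ev):
    """Count the step 5 context signals: odd hour, odd place, volume spike."""
    return (not 7 <= ev.hour < 19) + (not ev.known_location) + (ev.size_mb > 5 * ev.baseline_mb)

def decide(ev, mode="monitor"):
    """Return (policy_action, enforced_action) for one event."""
    base = POLICY.get((ev.data_class, ev.channel), "log")
    idx = min(ACTIONS.index(base) + risk_steps(ev), len(ACTIONS) - 1)
    action = ACTIONS[idx]
    if mode == "enforce":
        return action, action
    # Monitoring phase (step 4): record the verdict for every event, but
    # enforce only blocks on the most critical data class (assumed rule).
    critical = action == "block" and ev.data_class == "confidential"
    return action, (action if critical else "log")

def tuning_report(events):
    """Tally would-be actions per channel to spot overly strict policies."""
    return Counter((ev.channel, decide(ev)[0]) for ev in events)

# Constructed sample events.
SAMPLE = [
    Event("alice", "internal", "email", 10, True, 2, 20),
    Event("bob", "internal", "cloud", 23, False, 900, 30),
    Event("carol", "confidential", "email", 14, True, 5, 40),
    Event("dave", "confidential", "cloud", 9, True, 1, 10),
]
```

The tally from `tuning_report` is what the monitoring phase is for: a channel where most events would be blocked is a candidate for policy adjustment before enforcement starts.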
"A DLP implementation is not a mammoth project, as many companies fear," emphasizes Fabian Glöser, Team Lead Sales Engineering Nordics, Central & Eastern Europe at Forcepoint. "A structured approach ensures that human resources are used optimally and that the project goals are not lost sight of. Modern DLP and DSPM solutions also use AI for data classification and come with a ready-made policy set, which significantly reduces manual effort. In many projects, we have completed data discovery and data classification after just two to four weeks, know what is happening with sensitive data and can enforce the first company-specific guidelines."
Source and further information: Forcepoint
This article originally appeared on m-q.ch - https://www.m-q.ch/de/wie-sich-datenabfluesse-verhindern-lassen/