What's your company's data security strategy? Your answer strongly depends on what data you maintain, where your data travels and who accesses it. These three key factors structure your strategy and determine what security measures your company requires.
Regardless of the data transferred and accessed throughout your infrastructure, there are tools and processes that can fortify your data security strategy.
Say hello to intelligent data loss prevention (DLP). The DLP we are discussing here is not traditional DLP; traditional measures are no longer enough to combat today's security threats. Modern technology has evolved and empowered organizations with three vital security capabilities:
- Data visibility
- Activity monitoring
- End-user behavior analytics
Using these tools and practices, you can foster a robust data security strategy. Let's explore these capabilities and what they can do for your data.
Organizations must make informed, educated decisions specific to their security needs. A comprehensive understanding of which security measures you need, and why each is prudent, is the building block of success. Data visibility informs changes to your data security strategy and keeps them rooted in fact.
Where does your data travel to? It's common practice today for data to journey across platforms and to different (and many) access points. Obtaining a transparent view of your data flow is not only a requirement for many data security regulations but also necessary for comprehensive data security.
The second part of data visibility is understanding who can access your data. Is the user accessing your data an employee, or are they an outside, unauthorized threat? By now you have heard of the latest data regulation, GDPR, which mandates that organizations know where their data is and who can access it. Organizations must also satisfy data subject requests, such as the right to erasure (the right to be forgotten). An organization cannot fulfill those data subject rights if it is unaware of where it has stored data. And if you've forgotten, the penalty for violating GDPR is steep: up to €20 million or 4 percent of annual global turnover, whichever is higher.
DLP software is the window to your data that you need. If your data is compromised, you can look back and view where your data was accessed and by whom. You cannot prevent further attacks or repair your infrastructure if you can't pinpoint the source where your data was compromised.
Simply put, if you do not know where your data is and who has access to it, how can you protect it?
The recent Tesla data breach will be our case example for the life of this article. Throughout this article, we will analyze DLP capabilities and how they apply to the breach at Tesla.
Tesla was recently affected by an insider attack. The insider configured computers to deliver data to third parties to leak news regarding Tesla's scrap material and processes. Tesla can utilize the data visibility feedback on the DLP-supplied integrated dashboard to assess how the user accomplished this. This knowledge is necessary for proper forensics, in order to adjust their security framework and policies so this is preventable in the future.
What do your employees do during their workday? Working diligently to maintain the integrity and security of your data, hopefully. Unfortunately, insider threats and cyberattacks are on the rise, and there's no such thing as being overprepared when it comes to data security.
Insider threats account for nearly 75 percent of security breach incidents. Wouldn't it be a lifesaver to receive an alert about unwarranted or suspicious activity occurring with your data, whether caused by a user, vendor or outsider? DLP's automated, policy-based smart rule alerts do this for you.
After you have achieved data visibility and can outline your objectives, you can create policies to govern the activity of your data. DLP's alert capability notifies administrators of any activity that is a policy violation. If opening unknown attachments is a policy violation, enter this rule into your software to stop users from doing this action (or any action chosen by you) by notifying, redirecting, blocking or locking out the user. Email, website, application, instant messaging and network monitoring are all part of this capability.
The monitored activity is also recorded and logged, creating an IT forensic report. This way, if a data breach occurs or further investigation into disallowed activity is required, the organization can refer back to the incident using the history playback feature. The IT forensic report can be valuable evidence of solid security practices in the wake of a breach or audit.
Tesla's reportedly disgruntled ex-employee installed hacking software on computers that exfiltrated gigabytes of sensitive data to unknown third parties. The software was even configured to continue exporting data after the insider left the company.
Activity monitoring combined with real-time alerts can assist in identifying or preventing any unauthorized software from being installed as well as stopping any data exfiltration attempt.
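The policy-and-alert flow described in this section can be sketched as follows. This is an added illustration, not code from any DLP product; the rule names, the allow-list, the 500 MB threshold and the sample events are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Callable
SEVERITY = {"notify": 1, "redirect": 2, "block": 3, "lockout": 4}  # least to most severe
APPROVED_SOFTWARE = {"office-suite", "vpn-client"}  # assumed allow-list

@dataclass
class Rule:
    name: str
    channel: str                      # email, website, application, im, network
    predicate: Callable[[dict], bool]
    action: str                       # key in SEVERITY

# Hypothetical policy set; names and thresholds are assumptions.
RULES = [
    Rule("unknown-attachment", "email",
         lambda e: e["verb"] == "open_attachment" and not e["sender_known"], "block"),
    Rule("unapproved-install", "application",
         lambda e: e["verb"] == "install" and e["package"] not in APPROVED_SOFTWARE, "lockout"),
    Rule("bulk-external-upload", "network",
         lambda e: e["verb"] == "upload" and e["external"] and e["bytes"] > 500_000_000, "block"),
    Rule("external-upload", "network",
         lambda e: e["verb"] == "upload" and e["external"], "notify"),
]

@dataclass
class PolicyEngine:
    rules: list
    audit_log: list = field(default_factory=list)  # raw material for the forensic report
    def evaluate(self, event: dict) -> str:
        """Return the most severe action any matching rule demands, else 'allow'."""
        hits = [r for r in self.rules
                if r.channel == event["channel"] and r.predicate(event)]
        action = max((r.action for r in hits), key=SEVERITY.get, default="allow")
        # Log every event, violating or not, so an incident can be replayed later.
        self.audit_log.append({**event, "violations": [r.name for r in hits], "action": action})
        return action

# Constructed sample events, not real telemetry.
EVENTS = [
    {"user": "alice", "channel": "email", "verb": "open_attachment", "sender_known": True},
    {"user": "bob", "channel": "email", "verb": "open_attachment", "sender_known": False},
    {"user": "bob", "channel": "application", "verb": "install", "package": "unknown-sync-tool"},
    {"user": "bob", "channel": "network", "verb": "upload", "external": True, "bytes": 2_000_000_000},
    {"user": "alice", "channel": "network", "verb": "upload", "external": True, "bytes": 4_096},
]

def run(events):
    engine = PolicyEngine(RULES)
    return [engine.evaluate(e) for e in events], engine.audit_log
```

When several rules match one event, the engine applies the strictest action but records every violated rule in the log entry, which keeps the forensic record complete.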
End-user behavioral analytics (EUBA)
Machine-learning abilities take your data security strategy up a notch. Forward-thinking technology has coupled user analytics and IT forensics to create a steadfast DLP solution. This feature "learns" user behavioral patterns to form a behavioral baseline and identifies deviations with smart rules and alerts that are sent to the administrator. Coupling this feature with the activity monitoring alert adds an extra defense layer to your security strategy.
When an end user makes the conscious decision to go from employee to insider threat, your data security strategy must shift as well. This decision to go from asset to threat is marked by behavioral changes. Some of the changes recorded may be working outside of usual hours or accessing data that's not part of their usual tasks. The behavioral anomalies will be recorded along with actions made (thanks to activity monitoring). This forensic data is brought to the attention of admins in real time as the actions occur so swift investigation can begin.
EUBA can also identify users who are struggling or working in a way that puts your security at risk. Use this feedback to power training sessions with appropriate material to mitigate this.
In Tesla's case, the individual responsible for the data breach may have displayed certain characteristics, such as spending time on other devices (to install the hacking software) and accessing large amounts of data. These actions would be controlled and recorded with EUBA in DLP.
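A simplified version of the baseline-and-deviation idea, covering the signals named above (unusual hours, data outside usual tasks, unusually large volumes). This is an added example, not a vendor's algorithm: it substitutes plain per-user statistics for machine learning, and the field names, the z-score limit and the sample history are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_baseline(history):
    """Learn each user's usual hours, resources and transfer volume (MB)."""
    raw = defaultdict(lambda: {"hours": set(), "resources": set(), "mb": []})
    for ev in history:
        b = raw[ev["user"]]
        b["hours"].add(ev["hour"])
        b["resources"].add(ev["resource"])
        b["mb"].append(ev["mb"])
    # Fall back to a std of 1.0 so a perfectly constant history cannot divide by zero.
    return {u: {"hours": b["hours"], "resources": b["resources"],
                "mean": mean(b["mb"]), "std": pstdev(b["mb"]) or 1.0}
            for u, b in raw.items()}

def deviations(event, baseline, z_limit=3.0):
    """Return the reasons an event departs from its user's baseline."""
    b = baseline.get(event["user"])
    if b is None:
        return ["no-baseline"]  # unknown user: surface it rather than pass silently
    reasons = []
    if event["hour"] not in b["hours"]:
        reasons.append("off-hours")
    if event["resource"] not in b["resources"]:
        reasons.append("unusual-resource")
    if (event["mb"] - b["mean"]) / b["std"] > z_limit:  # assumed threshold
        reasons.append("volume-spike")
    return reasons

# Constructed history for one hypothetical user, not real telemetry.
HISTORY = [{"user": "bob", "hour": h, "resource": r, "mb": m}
           for h, r, m in [(9, "crm", 10), (11, "wiki", 12), (14, "crm", 8),
                           (16, "crm", 11), (10, "wiki", 9)]]
BASELINE = build_baseline(HISTORY)

# Constructed events to score against the baseline.
NORMAL = {"user": "bob", "hour": 14, "resource": "crm", "mb": 13}
SUSPECT = {"user": "bob", "hour": 23, "resource": "manufacturing-db", "mb": 4000}

if __name__ == "__main__":
    for ev in (NORMAL, SUSPECT):
        print(ev["hour"], ev["resource"], ev["mb"], "->", deviations(ev, BASELINE))
```

A learned set of hours and resources is deliberately strict: anything not seen during the baseline period raises a reason, so the baseline window has to be long enough to cover legitimate variation.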
The insight provided by DLP software and these key capabilities is crucial to identifying and monitoring your data flow, traffic patterns and behavioral benchmarks. The metadata that DLP software generates gives organizations the ability to mitigate threats and become proactive rather than reactive.
Further, DLP software has evolved into a formidable addition that will harden your data security strategy. With the help of DLP, your company can deploy fully customizable, automated security tactics to provide an acceptable security environment regulated by a robust security strategy.