Every entity has a potential data leakage problem. Too many organizations turn a blind eye to this problem and fail to take adequate measures to manage data leakage. The first step to controlling data leakage is to recognize that it is a problem and gain an understanding of how it happens.
Data leakage is a growing problem
Enterprises are relying more and more on the Internet for efficiency. Instant messaging, email and the Web are all major factors contributing to ease of communication and collaboration, especially given the rise of virtual teams and remote work. But using these tools as a communication device means you’re sending company data across an Internet connection. The potential for data leakage is enormous – whether inadvertent or intentional.
The implications and costs resulting from a single breach of sensitive data can have legal and financial implications – not to mention impacting public relations and brand reputation. After you’ve recognized the potential for data leakage, conduct a thorough analysis identifying the types of data you need to protect and where that information is exposed within your organization. This is the foundation of an effective Data Loss Prevention (DLP) plan.
Potential data leakage channels
Sensitive data can be leaked through a number of channels. Your data may be stored on physical servers, virtual servers, databases, file servers, flash drives, mobile devices, point-of-sale devices and of course PCs. Access points, such as VPNs, wireless connections and even wired connections, provide the connection necessary to leak sensitive data from any of these data storage locations.
If you’re like most modern companies, you more than likely employ most of these data storage options, if not all. The more data storage locations you utilize, the greater the likelihood of data leakage. And as more companies employ BYOD policies, VPNs and even company-issued mobile devices for network connections, the potential for data leakage increases exponentially. Data leakage from mobile devices is called mobile data exfiltration, and it poses a whole host of new challenges in data loss prevention.
It may not just be your company’s data which could be breached. Customer data is often just as sensitive, especially if it contains financial or personally identifiable information. Your intellectual property is also at risk.
Implementing Data Loss Prevention (DLP) practices
First and foremost, create strict DLP policies outlining the circumstances under which employees may connect to the company network, from which devices, and whether other applications may be run at the same time. Restricting personal emails via the company email server is also a helpful policy.
Using content-aware data loss prevention solutions will filter the content being sent across the network, preventing certain data from being sent or received based on the pre-defined filters set by the corporation. But with the many access points of today’s companies, how can you be sure you’re filtering data in the right location? There are a few different types of solutions for preventing data leakage.
- Network-based DLP protects the perimeter of the company’s network, monitoring traffic and outgoing data. Network-based DLPs act on data while it’s in motion.
- Datacenter or storage-based DLP protects your data while it’s in storage – not while it’s being transmitted across a connection. This protection acts as a barrier to access for servers and databases.
- End-point based DLP monitors user actions from PCs, laptops, point-of-sale devices and so forth. This solution is event-driven, looking for specific actions such as copying a file or sending an email, as well as online activities such as social networking.
Even if you haven’t had a data leakage event, now is the time to take action to protect your proprietary information from unintentional or purposeful leakage. The effects of a single breach can be far-reaching and potentially devastating for companies as well as consumers. Implementing sound policies and employing data loss prevention solutions can protect against data leakage.
Fergal Glynn is the Director of Product Marketing at Veracode, an award-winning application security company specializing in LDAP security cheat sheet from Veracode and other security breaches with effective risk assessment tools.