The threat of attack by shadowy gangs of hardened cyber-criminals has become a fact of life for most organisations, but for many businesses a data breach is more likely to originate from a careless click than a concerted cyber-attack.
The most common type of security incident reported to the Information Commissioner's Office is the simple act of sending an email to the wrong recipient. Even seasoned professionals can easily fall foul of this split-second mistake, especially with most email services providing an autofill for the address bar, as well as the increasing number of messages sent on the go from mobile devices. Alongside accidents, email is also a common tool for many insiders seeking to exfiltrate confidential data.
Data Loss Prevention (DLP) was formerly the stalwart choice of tool to prevent these kinds of breaches, with solutions able to identify confidential data and prevent it from leaving the network. When well configured, it can still provide comprehensive defence against the risk of sensitive information leaving the network. But, with the endless variety of data types that must be run through policies, achieving this level of precision can be a daunting task, let alone maintaining it. As a result, these programmes have often ended up falling by the wayside.
Powerful but limited
One of the things holding DLP back is that it struggles to identify unknown data formats, unstructured data, and encrypted content. These data types commonly account for the vast majority of the assets on the network. An old but still popular rule of thumb first proposed by Merrill Lynch holds that 80 to 90 percent of data is unstructured.
Text documents, Excel spreadsheets and other unstructured data are also generally the files being shared by workers on a regular basis, and the biggest source of data leaks, and are therefore in definite need of being properly identified and vetted for sensitive content.
The biggest limiting factor, however, is that DLP is entirely reactive: it must be told what to do through strict policies set in advance. To remain effective, the IT team must work constantly to foresee potential threats and write policies for them ahead of time. DLP therefore essentially becomes an eternal project that can never be finished while continuing to consume resources.
Bringing in DLP 2.0
Most businesses are extremely reluctant to shelve a solution once enough has been invested in it – and simply scrapping a DLP solution entirely is usually unfeasible, as starting from scratch is an intimidating prospect.
The good news is that existing DLP can easily be enhanced with other technology that can fill in the gaps and enable it to play to its strengths – essentially upgrading it to “DLP 2.0”. Advanced data classification software is the perfect fit for this task. It can use content, context, and various metadata characteristics to provide a structure for the unstructured data that DLP solutions usually struggle with.
One risk of attempting to use two different solutions together is the likelihood of them redundantly covering the same ground, while missing out other tasks entirely. To ensure the DLP and data classification suites work together effectively, the data loss prevention policies should be applied by the DLP endpoint agent, leveraging the data classification and labelling to decide whether to block, allow or quarantine the contents.
All of the data classification and labelling is handled automatically upstream, which means that the DLP no longer has to do all the heavy lifting and simply needs to check which policies are in place, greatly improving performance. Files can also be automatically classified into a number of different custom categories based on their sensitivity. Certain confidential data can be labelled as “internal use only”, for example, meaning that it cannot be attached to emails that are being sent externally, or copied from the network.
Because this happens automatically, human error becomes much less of a factor, as there is no need for users to remember the process.
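The division of labour described above, with classification done upstream and the DLP agent acting only on the label, looks like this in code. This is an added example, not code from the article or from any product; the `X-Classification` header, the `example.org` internal domain, the "public" label and the fail-closed handling of unlabelled files are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"example.org"}   # assumed corporate mail domain
LABEL_HEADER = "X-Classification"    # hypothetical header written by the upstream classifier
# Action taken when a labelled attachment is addressed to an external recipient.
EXTERNAL_POLICY = {"public": "allow", "internal use only": "block"}
SEVERITY = {"allow": 0, "quarantine": 1, "block": 2}

def external_recipients(msg):
    """Return every To/Cc/Bcc address whose domain is not internal."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = [addr for _, addr in getaddresses(fields) if addr]
    return [a for a in addrs if a.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]

def decide(raw):
    """Return (action, reasons) for one outbound message, using labels only."""
    msg = message_from_string(raw)
    if not external_recipients(msg):
        return "allow", []           # nothing leaves the organisation
    action, reasons = "allow", []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue                 # body text or multipart container, not an attachment
        label = (part.get(LABEL_HEADER) or "").strip().lower()
        # Missing or unknown label: fail closed and hold the message for review.
        verdict = EXTERNAL_POLICY.get(label, "quarantine")
        if verdict != "allow":
            reasons.append(f"{name}: {label or 'unlabelled'} -> {verdict}")
        if SEVERITY[verdict] > SEVERITY[action]:
            action = verdict         # the strictest verdict wins
    return action, reasons

def sample(to, attachments):
    """Build a constructed test message; attachments = [(filename, label or None)]."""
    parts = "".join(
        f'--b\nContent-Disposition: attachment; filename="{fn}"\n'
        + (f"{LABEL_HEADER}: {lab}\n" if lab else "") + "\ndata\n"
        for fn, lab in attachments)
    return (f"From: alice@example.org\nTo: {to}\n"
            'Content-Type: multipart/mixed; boundary="b"\n\n' + parts + "--b--\n")

if __name__ == "__main__":
    print(decide(sample("bob@partner.example", [("plan.xlsx", "internal use only")])))
```

The agent never inspects file content here; an attachment that arrives without a label is quarantined rather than allowed, so a gap in upstream classification does not silently become a gap in enforcement.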
With the additional abilities of a powerful data classification system, DLP solutions need no longer gather dust on the shelf. Upgrading to DLP 2.0 means that security heads can fine-tune how policies are applied to match all of the specifics of their organisation, while also keeping things transparent for both end-users and for auditing and compliance.
Contributed by Rui Melo Biscaia, director of product management, Watchful Software