Most organizations will have some type of sensitive information about consumers, business partners, regulators and stakeholders and can suffer a variety of consequences if a data breach is experienced. These consequences can include financial reputational damage depending on the type and level of data loss. A key element to any IT strategy will include data loss prevention and it generally falls into two main categories:

– Drain: is the loss of confidentiality in which sensitive data is no longer under an organization’s control and can include hacked customer databases being used for identity theft purposes. In the largest single attacks of its kind, hackers stole 130 million credit card records from one of the world’s largest payment processors;

– Damage or Disappearance: for corrupted or lost. In 2009, a major mobile phone service provider in the US suffered widespread loss of customer data due to third-party cloud-based storage failures.

With the recent example of high-profile data loss in the Irish banking sector, management is carefully examining the different prevention mechanisms and asking if they are suitable for their organizational needs.

Data Loss Modes:

The data exists primarily in the following three states:

– Data at rest: resides in file systems, large central data stores, and databases;

– Data on endpoints: resides on network endpoints such as USBs, laptops, external devices, archived tapes, and CD/DVDs;

– Data in motion: it means data moving through the network to the outside world through email, FTP, instant messaging and peer-to-peer.

DLP capabilities

An effective DLP approach must have the following capabilities:

– Manage: Define enterprise data usage policies, report data loss incidents, and establish incident response capabilities to take accurate action;

– To find out: Define sensitive data, create an inventory and manage data cleansing;

– Monitor: Monitor sensitive data usage, understand sensitive data usage patterns, and establish business visibility into all data breaches;

– Protect: Enforce security policies to proactively protect data from potential loss or corruption on network endpoints, storage, and intermediate devices.

appropriate measures

To develop the above capacities, some of the main measures will include:

– Comprehensive Management of Computer Security: The integration of a firewall with IDS can be configured to monitor the status of controlled devices;

– Scan instant messages: Instant message scanning should be implemented to detect the transfer of sensitive data or malicious information;

– Migration of content license without license reacquisition: The migration of any content must be facilitated in the content migration section, conditions for the content that can be accessed or transferred;

– Mobile Access Devices: Mobile access devices must connect to the portal web server through secure interfaces;

Disaster Recovery Centers: for large companies with large data requirements, there is always a disaster recovery center, where primary database backups are replicated to a different physical location;

SaaS (Software as a Service): SaaS-based DLP mechanisms are being implemented for limited DLP implementations. With the rise of cloud computing, a new SaaS-based solution is in the works for larger DLP deployments. SaaS-based DL mechanisms provide email security, content discovery, and web filtering and monitoring.

Data security and integrity protection are key requirements for IT management, with IT infrastructure advancing and continually updating, and with threat levels growing daily, solutions for DLP are becoming more and more important. more complex and their priority within organizations.