Data Loss Prevention (DLP) - Fundamental Concept - Eryk
•
2 likes•1,235 views
This document discusses data loss prevention (DLP) concepts and implementations. It begins with an overview of data governance and the data lifecycle. It then defines DLP, explaining how DLP solutions protect data in motion, at rest, and in use. Sample DLP deployments are shown, outlining key activities and considerations for implementation such as governance, infrastructure, and a phased approach. Finally, examples of DLP use cases are provided for data in motion like email and data in use on workstations.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Similar to Data Loss Prevention (DLP) - Fundamental Concept - Eryk (20)
More from Eryk Budi Pratama
More from Eryk Budi Pratama (20)
Recently uploaded
Recently uploaded (20)
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
- 1. 11 DATA LOSS PREVENTION Eryk B. Pratama, M.Kom, MM, IT Advisory & Cyber Security Consultant at Global Consulting Firm APTIKNAS Webinar Fundamental Concept in Enabling DLP System Asosiasi Pengusaha TIK Nasional Indonesian ICT Business Association
- 2. Agenda 01 Data Governance 02 DLP Concept 03 DLP Use Case
- 4. Data/Information Lifecycle Data Governance Source: ISACA – Getting Started with Data Governance with COBIT 5 It is important to plan the life cycle of data along with their placement within the governance structure. As practices operate, the data supporting or underlying them reach the various levels of their natural life cycles. Data is planned, designed, acquired, used, monitored and disposed of. Critical information security control Store | Data at Rest Share | Data in Motion Use | Data in Use
- 5. Data Governance: Common Area Data Governance Source: https://www.pinterest.com/pin/838584393089888744/ Data Security is one of foundational and important area in Data Governance
- 6. Data Governance: Practical Area Data Governance Data Lifecycle Data Classification Data Loss Prevention Data Retention & Destruction Data Encryption / Obfuscation Data Access Assesses the organization’s current practices in the analysis of data risks from data creation, to transfer, storage, process and destruction. Assesses categorization of data based on criticality / sensitivity and value to the organization. This refers to the protection of data in motion and at rest, using content inspection and analysis. Assesses storage or archival and destruction of data to support regulatory requirements as well as business/operational needs Assesses the conversion of data to an unreadable format to protect data from access and leakage. Assesses the control of access to data ensuring that only authorized individuals or groups have access. Practical Area of Data Governance
- 7. Data Loss / Leakage Prevention Concept
- 8. Data Loss/Leakage Prevention Solution Data Loss / Leakage Prevention Concept A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing throughout an organization. Data within an organization is often categorized and protected by DLP in the following three different forms: Data in Motion Data at Rest Data in Use Data that is transmitted or moved, both through electronic or non-electronic means. Data that is actively traveling on a network, such as email or web traffic. Data that resides on a stable medium, including servers, network shares, databases, individual computers, and portable media. Data that has been obtained and are being processed or actively used. Typically, referring to data on end-user computing device or host systems. Structured Data Unstructured Data Semi-structured Data Data commonly stored in databases or applications Exists in filesystems or documents Examples of such data format types include email Data Type
- 9. Sample Deployment Data Loss / Leakage Prevention Concept ILLUSTRATIVE
- 10. Sample Deployment Data Loss / Leakage Prevention Concept ILLUSTRATIVE
- 11. DLP Implementation Key Activities Data Loss / Leakage Prevention Concept Review of the organisation data protection policy and conduct gap assessment Define data flows, data classification and information asset list DLP Framework and High-level Policy Definition Base policy creation and tuning Metrics definition Incident response workflow creation User awareness
- 12. DLP Implementation Consideration Data Loss / Leakage Prevention Concept Governance & Process ▪ Data handling requirements are clearly defined by data classification level. ▪ Data protection and data management requirements are clearly defined for DLP use cases. ▪ “Steering Committee” is established to serve as project sponsor and to review and approve of all business rules and tool administration processes. ▪ DLP solution is started in monitoring mode to help ensure policy/rule effectiveness and assess the business impact before turning on any prevent functions. ▪ All “at rest” and “in motion” rules are deployed with very high thresholds initially, so that a manageable number of findings are discovered during the initial tests. Governance and processes establish the foundation for the DLP implementation. The following elements are critical to DLP program success. Infrastructure DLP can add overhead to organization’s infrastructure. Considering the following elements to ensure DLP does not become a “bottle neck” to the organization’s infrastructure. ▪ Implement redundancy for all network DLP components. ▪ Ensure the endpoint DLP agent does not conflict with deployed endpoint security solution. ▪ Adoption of a single vendor DLP solution for both network and endpoint allows uniform enforcement of defined policies and rules. ▪ Test the DLP solution extensively within a lab or test environment. ▪ The DLP management console should be placed in a segregated network or trusted network zone as incidents captured by DLP management console may contain sensitive data.
- 13. DLP Implementation Strategy Data Loss / Leakage Prevention Concept Organizations often deploy DLP solutions using a phased approach. This includes initial implementation of the DLP solution in monitoring mode and/or within selected business unit(s) to help ensure policies/rules effectiveness and assess business impact before turning on any automated “prevent “functions. LowHigh Near Term Long Term ImplementationComplexity Email Monitoring Network Monitoring Endpoint Monitoring and Discovery Email Filtering/Blocking Network Filtering/Blocking Endpoint Filtering/Blocking Timeline Prevent PhaseMonitor Phase Benefits ▪ By performing Email DLP first, existing technology is utilized and a high-risk use case is addressed quickly ▪ Implementing endpoint DLP after email DLP allows company to address the remaining high-risk use cases. ▪ Deploying DLP in monitoring mode followed by preventive mode allows company to pilot solution
- 14. DLP Use Case
- 15. Risk-based DLP Use Case: Data in Motion DLP Use Case Data Origination Outbound Email from Internal Source (Sensitive Information) User Action Internal user sends email with sensitive information (e.g. PII, PCI, HR files, etc.) outbound to an external user or personal email address. DLP Response DLP monitors and analyzes outbound traffic based on policies for predefined data elements and company document tags. Document tagging allows DLP to fingerprint files in order to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor, record/block/encrypt, and notify Result Sensitive information is tracked and prevented from reaching unauthorized recipient. Sender, manager, security, and/or HR notified of policy violation or actions required/taken for authorized recipients (e.g. email and attachments marked to indicate level of confidentiality and encrypted, as required).
- 16. Risk-based DLP Use Case: Data in Use DLP Use Case Data Origination Unauthorized Sensitive Information Download User Action User attempts to retain sensitive information for unauthorized use from an application or database through copy/paste functions, the “print screen” command, hard copy printing, or exploitation of current access privileges to execute excessive sensitive information downloads (e.g. prior to departure). DLP Response DLP monitors workstation and mobile device activity for the use and/or transfer of sensitive information based on policies for predefined data elements and company document tags. Company document tagging and user- defined fingerprinting allow DLP to monitor and/or prohibit the movement of sensitive information based on policies. Available Action Monitor/inventory, block, and notify Result Sensitive information is monitored, blocking the “print screen,” paste, and hard copy print actions. The user, manager, security, and/or HR are notified of policy violation. Utilize scan results to update/maintain inventory of endpoints containing sensitive information.
- 17. Thank You ☺ https://medium.com/@proferyk https://www.slideshare.net/proferyk IT Advisory & Risk (t.me/itadvindonesia) Data Privacy & Protection (t.me/dataprivid) Komunitas Data Privacy & Protection (t.me/dataprotectionid)