Posted by Kalyani M. on Jun 17, 2013
In 2012, global data breaches jumped 117% from 2011. From 2011 through 2012, over 260 million records were breached, highlighting the need for data security standards worldwide. Such massive numbers show the necessity of implementing good data loss prevention programs for businesses of all sizes. For C-level managers and IT administrators, DLP (data loss prevention, or protection) is the latest buzzword for businesses looking to protect their private data from hacking, seizure, or internal exploitation. Essentially, data loss prevention helps ensure that endpoints don’t become sources of leaked corporate data. To leverage technology in their favor, businesses should secure their sensitive data through strong DLP policies and secure cloud providers.
Data loss prevention programs accomplish three major things. Implementing DLP protects against unintentional leaks made by ignorant employees. Proper DLP also helps keep companies in compliance while protecting sensitive data from exploitation. And in an era of increased cyber attacks, data loss prevention programs help safeguard against hackers looking to crack company databases.
Before implementing data loss prevention programs, businesses should first fingerprint the data so that it can be tracked throughout the process. Businesses must then decide how monitoring should take place (either through continual host-based monitoring or by scheduled scans), which enforcement and alerting measures to apply, what data to evaluate, which users have access, and which applications participate. Data can be monitored at rest, in use, and in motion. At rest, data can be monitored through scheduled scans. Such scans check for any changes between the scanned data and the fingerprinted database, which acts as a test. For data in use, access rights must be established so that DLP tools can determine the context as well as the content of the data for identification purposes. As different users will have different access rights, the context for data-in-use monitoring will shift from person to person. What could be completely valid use and access for one user could indicate an attack when done by someone else. For companies that need to protect their data from internal exploitation, monitoring of data in motion helps identify potential data loss via printing or USB copying.
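The at-rest scan described above, sketched as an added example that is not from the original post or from any DLP product. It assumes fingerprints are hashed five-word windows of the protected text; the threshold, function names and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHINGLE_WORDS = 5      # assumed window size, in words
ALERT_THRESHOLD = 0.3  # assumed share of a protected document that must reappear

def shingles(text, k=SHINGLE_WORDS):
    """Fingerprint a text as the set of hashed k-word windows (case/punctuation ignored)."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        windows = [" ".join(words)] if words else []
    else:
        windows = [" ".join(words[i:i + k]) for i in range(len(words) - k + 1)]
    # Store truncated hashes only, so the database never holds the protected text itself.
    return {hashlib.sha256(w.encode()).hexdigest()[:16] for w in windows}

def build_fingerprint_db(protected):
    """Map each protected document's label to its fingerprint."""
    return {label: shingles(text) for label, text in protected.items()}

def scan_at_rest(root, db, threshold=ALERT_THRESHOLD):
    """Body of a scheduled scan: compare every file under root with the database."""
    alerts = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        found = shingles(path.read_text(errors="ignore"))
        for label, fp in db.items():
            overlap = len(found & fp) / len(fp) if fp else 0.0
            if overlap >= threshold:
                alerts.append((path.name, label, round(overlap, 2)))
    return alerts

def demo():
    """Constructed sample data: one protected document and two files on a share."""
    secret = ("Project Falcon acquisition terms: purchase price forty million "
              "dollars payable in two tranches subject to board approval")
    db = build_fingerprint_db({"falcon-terms": secret})
    with tempfile.TemporaryDirectory() as share:
        # A partial copy with changed case and punctuation, pasted into a notes file.
        Path(share, "notes.txt").write_text(
            "Reminder for Monday. PURCHASE PRICE forty million dollars, payable "
            "in two tranches subject to board approval. Call legal.")
        Path(share, "menu.txt").write_text("Lunch menu: soup, salad, pasta, fruit")
        return scan_at_rest(share, db)

if __name__ == "__main__":
    print(demo())
```

Matching on word windows rather than a whole-file hash is what lets the scan flag a partial, reformatted copy; a whole-file hash would only detect an exact duplicate.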
For data loss prevention programs to be successful, businesses will have to tap into a group of IT and HR specialists to establish tailored policies and procedures specific to the needs of the particular company. This is all preparatory work that must take place before choosing a set of DLP tools or services to help manage the risk of data loss. However, as companies turn to data loss prevention programs out of fear of attack or security breach, most make common mistakes that still leave their data vulnerable. The most common mistake that newcomers to DLP make is attempting to cut costs by using untrained staff to spearhead the new program. Traditionally, IT projects start with establishing business needs, requirements, and service-level agreements (SLAs). IT then implements and manages any relevant tools while reporting back on SLA adherence. Oversight of data loss prevention programs ultimately lies in the hands of the CFO or CIO, depending on how companies delegate information security. What makes DLP implementation stand out from traditional IT projects is the high degree of technological skill required to navigate the complications of data loss prevention procedures. Companies that don’t engage in cross-collaboration when implementing new DLP programs are usually unsuccessful, as the complicated implementation of DLP requires the skills and expertise of a variety of departments.
DLP and the Cloud
After securing data onsite, companies should finish the job of protecting their data through a private storage and sync solution. But finding the right third-party cloud service can be a challenge, as many cloud services on the market have glaring security gaps that leave sensitive company data vulnerable to third-party attacks and even internal exploitation. One cloud service provider that sets itself apart from the market is SpiderOak. This private cloud offers the convenience and cost savings of cloud storage and sync along with 100% data privacy.
SpiderOak protects sensitive business data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password in order to successfully log in. With SpiderOak, businesses that choose to use two-factor authentication must submit a private code through SMS along with their unique encrypted password. Businesses can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. Plaintext encryption keys are exclusively stored on the company’s chosen devices, so businesses can rest easy knowing their data won’t be exploited by the latest third-party threat. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for businesses of all sizes.