Data leaks: How you can most effectively protect your client’s data
Your client’s datacentre is a target. For hackers, for opportunists, for professional criminals and for rogue operators. Why? It holds data, lots of it and it hosts applications. Some valuable, some mission critical, some old and useless. But regardless of the type and utility of the facility’s data and hosted applications, their stakeholders rely on them to protect their business processes from spying eyes. It’s a huge responsibility and one that should be at the very forefront of your client’s business processes.
“Data loss prevention is back in the headlines,” says Jonathan Odria, sales director at Exclusive Networks, Australia’s most experienced distributor for Fortinet, a global leader in the provision of cyber-security solutions. “The so-called Panama Papers data leak caused all sorts of havoc around the world and the reverberations are still making waves. The ironic part is that the target firm, handling the details of literally billions of dollars of off-shore transactions, didn’t invest a comparative pittance into protecting that data. If your client’s datacentre holds sensitive data, they need to ensure that it stays put. That’s exactly what data loss prevention (DLP) provides.”
DLP: Neither mysterious nor difficult
“Data loss prevention is not mysterious nor especially labour-intensive,” continues Odria. “DLP is a solution that, when applied at the endpoints, core, at individual segments on the network itself and especially email servers and mobile devices, prevents unauthorised users from sending any and all data outside the network.”
A robust DLP solution defines sensitive data, identifies and locates where that data resides and then assigns and tailors levels of access for various users and groups. Specifically, the DLP ‘tags’ certain data classification - such as credit card numbers or customer account data - in need of enhanced protection based on rules set by the business security policies.
Protecting email: The DLP ‘killer app’
“In the Panama Papers incident,” explains Odria, “someone emailed 11.5 million documents from the compromised network and no one even noticed. With DLP, the Panamanian-based overseas investment firm might have saved themselves – and their clients - a lot of unwanted publicity.”
DLP is optimised to prevent email-based data loss. Email provides a ready-made tunnel through which cybercriminals and malicious insiders can siphon data from the network. DLP provides a vital line of defence that spots emails containing any unauthorised data. The DLP then notifies the system administrator of a policy violation whilst denying the transmission of the email altogether. It’s fast, easy and stops any data leaks cold.
DLP can also be a valuable tool for IT administrators, enabling them to create, refine and enforce access policies, gain visibility into data flow at the granular level, filter data streams on the network and protect information both in transit and at rest.
DLP has other uses as well such as tracking and identifying digital assets. Before data can be prevented from exiting via email, on disks, USB drives or over cloud platforms, organisations first have to know where the data is located. That information ultimately arms organisations with the knowledge that simultaneously fulfils a multitude of objectives ranging from security strategy and compliance to Big Data and asset management projects.
DLP: The time is now
“Stopping sensitive data from leaking out of the network is just the starting point for a good DLP solution,” concludes Odria. “DLP satisfies a wide array of increasingly stringent and enforceable compliance requirements by giving organisations the ability to not only discover and pre-emptively act on data loss but document the process for impending audits. Savvy datacentres can put DLP at the hub of their operations to keep their data safe and provide increased visibility into their entire set of data holdings. DLP represents an investment in security that your clients can’t afford to overlook.”