Home / A+ Certification / Beginners

Data Security

Data security is concerned with the protection of the confidentiality, integrity, and availability of data. A wide range of tools, techniques, and policies are used to control access to data. However, the most prevalent is encryption.

Data loss prevention (DLP)

Data loss prevention (DLP) is both a company policy and a product available on the technology market. As a company policy, DLP focuses on implementing defenses against data loss and theft. As a product, DLP is a technology solution that can assist with the fulfillment of a company's DLP policy.

Data loss is a serious risk to any organization. Data loss due to outright theft or loss due to accidental misplacement can both be disastrous events for a company. Data loss involves situations in which unauthorized personnel, competitors, outsiders, or others gain access to private, personal data or proprietary, trade-secret, corporate data. When information disclosure occurs, the damage that results could be just a minor inconvenience or could be something more significant, such as identity theft or the closure of an organization. Organizations everywhere need to take the loss of control of valuable data seriously.

The goal of DLP is to focus on the potential for data to be lost or disclosed, and to implement preventions. DLP can also include defenses and detections to make the act of data theft more difficult to perform. DLP is often implemented by using many other common elements of a general security solution, but with the primary focus on preventing data loss. These elements include training, system design and architecture, and hardware and software tools.
It is fairly common for DLP to be a central part of any security solution. The typical company security policy always includes elements that can be labeled as preventing the loss or disclosure of data to unauthorized parties.

A DLP system is intended to detect potential and occurring data breaches. Any occurrence of data exfiltration is unwanted, and DLP attempts to thwart such events by using an approach based on monitoring, detection, and interruption of unwanted data activities. DLP can monitor events taking place at endpoints, such as a data file being opened by a user or accessed by an application (known as in-use events). It can also monitor transmission events as data is moved between locations on the network or between networks (known as in-motion events). DLP can also monitor data at rest in storage, whether the location is local online storage or remote archival storage (known as in-place events).

Data loss or leakage events can occur either by means of malicious intent or accidental mistakes. In either case, DLP can reduce the likelihood of actual data exposure by detecting and interrupting the unauthorized data flow. Various DLP implementations, such as in-use, in-motion, or in-place implementations, can be combined to establish a broad detection and prevention matrix for an organization.

The terms data loss and data leak are often used as synonyms, but in fact they are different. Data loss occurs when information is lost or otherwise inaccessible to the authorized owner. The loss of a USB drive or a backup medium are examples of data loss. A data leak occurs when data is obtained by an unauthorized third party. A data loss can lead to a data leak, which is why they are often seen as interchangeable terms. A DLP solution attempts to address both loss and leakage.

DLP solutions are often an important part of maintaining compliance with government regulations, industry standards, or contractual obligations against data loss. For example, HIPAA (Health Insurance Portability and Accountability Act) compliance requires DLP. Similarly, the PCI DSS (Payment Card Industry Data Security Standard) requirements necessary to be allowed to process credit cards often include DLP implementation.

There are a wide number of DLP products available in both open source as well as commercial form. One example of an open source DLP solution is MyDLP (www.mydlp.com). Examples of commercial DLP products include Microsoft Forefront (www.microsoft.com/forefront) and Symantec Data Loss Prevention (www.symantec.com/data-loss-prevention). Several other DLP products are also available on the market.