Learn what Data loss Prevention is, how data loss prevention technology works how to choose a solution and steps for a successful data loss prevention plan for your company.
Why Should Your Company Have a Data Loss Prevention Plan?
1. Why Should Your Company Have a
Data Loss Prevention Plan?
Brian Rosenfelt
• What is Data Loss Prevention (DLP)?
• How Data Loss Prevention Technologies Work
• Choosing a Data Loss Prevention Solution
• Steps for a Successful Data Loss Prevention Plan Implementation
T E C H N O L O G Y P A R T N E R S
Share this e-book
www.skodaminotti.com | 440.449.6800 | 6685 Beta Drive Mayfield Village, C H 44143L
T E OH N O O G Y P A R T N E R S
2. 01
Introduction
Data loss events happen at businesses large and small - a lot more often than many of us realize. Although some are targeted
and malicious, many of these events are caused by highly trusted employees who accidentally leak intellectual property and
data into commonly-used, untrusted zones (personal email addresses, USB drives, etc).
It’s important to not wait until a breach occurs to implement data leakage solutions. Without a comprehensive security
structure to your network, you may not even know if security breaches are occuring. We want to help you understand how
your company should be protecting its most important information.
The topics covered in this e-book include:
• What is Data Loss Prevention (DLP)?
• How Data Loss Prevention Technologies Work
• Choosing a Data Loss Prevention Solution
• Steps for a Successful Data Loss Prevention Plan Implementation
If you are interested in learning more about data loss prevention, and the solutions that are available to protect your company’s
data, I invite you to continue reading this e-book.
About the Author
Brian Rosenfelt, Technology Consultant - Skoda Minotti Technology Partners
Brian is a principal with Skoda Minotti Technology Partners. He has
16 years of IT experience. Prior to joining the firm, he founded Computer
Troubleshooters Independence, after a successful career as a controller, CFO and
perations executive in various industries.
Brian graduated from the University of Maryland’s Smith School of Business
and holds an active CPA certificate. He also holds several telecommunication
certifications, including being a Certified 3CX Consultant and FtOCC (Fonality Trixbox
Open Communication Certification) from Fonality. He is a member of the American
Institute and Ohio Society of Certified Public Accountants, the Society for Human
Resource Management and the Northeast Ohio Software Association. He also
spends time volunteering with Cleveland Social Venture Partners and the Jewish
Community Federation.
Share this e-book
T E C H N O L O G Y P A R T N E R S
3. 02
What is Data Loss Prevention (DLP)?
To understand the importance of data loss prevention for your company, I think it’s important that you first understand what
data loss prevention is and the different kinds of data your company needs to protect.
Data loss prevention is a buzz word that’s quickly growing in popularity in the information technology world. Put simply, data
loss prevention refers to systems and procedures that enable organizations to reduce the corporate risk of the unintentinal
disclosure of confidential data. It may seem like a simple concept, but the leakage of your company’s intellectual property
and/or confidential data could cost you in the ways of financial loss and fines brand damage, and more.
To help you understand how you can protect it, you need to know where your data lives. There are three kinds of data and this
should help you understand each of them:
1. Data at Rest - To understand this concept, you can ask yourself, “Where is my confidential data stored?” This can be any
data that is stored on file servers, databases, backup drives, mail servers, etc.
2. Data in Motion - Here, you can ask yourself, “Where is my confidential data going?” This can be any data that is moving
throughout the network (especially from inside the network to outside the network via the Internet).
3. Data in Use - To best understand this concept, ask yourself, “What individual devices have access to confidential data?”
This can be any data that resides on end-user devices such as workstations, laptops, tablets, Smartphones, external drives
and other mobile devices.
It’s important to understand that a good data loss prevention solution will provide monitoring and protection for all three
categories of data.
“It may seem like a simple concept, but the leakage
of your company’s intellectual property and/or
confidential data could cost you in the ways of
financial loss and fines, brand damage and more.”
Share this e-book
T E C H N O L O G Y P A R T N E R S
4. 03
How Data Loss Prevention Technologies Work
So, we’ve talked about what data loss prevention is. And, maybe
your company does need help implementing a plan. But, you
want to better understand exactly how it works before you
implement a plan of your own. We can help you with that.
Remember the three kinds of data we discussed earlier?
1. Data in Motion
2. Data at Rest
3. Data in Use
And, also remember, that we also mentioned a good DLP
solution would protect all three types.
Here’s how an effective data loss prevention solution works to
protect each type of data:
First, the solution must be able to monitor the network to ensure that “Data in Motion” is protected against unauthorized
transfers. One example is employees emailing sensitive files to themselves using public webmail services like Gmail, Yahoo,
AOL, etc.
Second, the solution should be able to monitor all file storage locations “Data at Rest” and ensure users aren’t manipulating
that data in a way that violates the data loss prevention policy. For example, preventing employees from copying data from a
file share to a USB drive.
Finally, the solution should have an “agent” component that can be installed to protect the “Data in Use” on end user devices,
such as workstations and laptops to ensure that policies aren’t violated, even when those devices are outside of the corporate
network.
Above all, the most important piece to a functional data loss prevention plan comes in educating the employees of your
organization, so that they know and understand that they are responsible for ensuring its ‘health and safety’. Helping them to
understand this concept, and explaining the ways your policy will work to do just that, can be instrumental to your data loss
prevention plan’s success.
Share this e-book
T E C H N O L O G Y P A R T N E R S
5. 04
Choosing a Data Loss Prevention Solution
If you didn’t know you need a data loss prevention plan before - you
do now. Let’s give you a few more reasons why you should have one.
The obvious reason - To protect against intentional and unintentional
data leakage. Above that, going through the process of creating a
data loss prevention plan and policy gives your company intelligence
as to where and how your data really is being stored, moved and
used. Lastly, implementing a solution can help identify areas for
process improvement (e.g. a developer sending source code to a home computer to work with because they didn’t have the
resources they need in your office).
Here are a handful of questions that you can ask your provider when choosing your data loss prevention solution:
Where does the product look for data across your network? Does it find sensitive data just traveling your network, on your
database and file servers, or does it look at data on local desktops?
Can the data loss prevention agents accomplish other security-related things on the endpoints? Some vendors can turn off
USB connectors to block someone with a thumb drive from walking away with all of your customer data in their pocket. Others
can control which applications can and can’t be run on your workstations, laptops or even tablets.
What protocols can be blocked or analyzed? Just protocols involving email (SMTP, POP and IMAP)? What about file transfer
technologies or instant messaging?
How hard is it to create – and then change – the data loss prevention rules? A DLP tool is only as good as its ability to have
rules updated easily over time. Can your IT staff (or outsourced provider) easily update rules as new threats are identified or
company policies updated?
What happens when a rule is broken? Can you figure out who violated the policy, where the offending information is stored,
and what kinds of automated responses can be sent? Does the product come with pre-defined templates to make all of this
easier?
Is the content analysis portion a separate or integrated piece of the product? In some cases, such as McAfee’s data loss
prevention solution, you are going to need several different products to be installed to enable a complete solution.
What kinds of reports are available, and are they easy to understand? Does the product offer any real-time reporting
capabilities, and how flexible are these reports?
Share this e-book
T E C H N O L O G Y P A R T N E R S
6. 05
Steps for a Successful Data Loss Prevention Plan Implementation
So, you’ve decided to implement a data loss prevention plan.
Once you have the systems in place to begin monitoring the data
within your organization, here are some steps that you can take,
internally, to implement a successful DLP solution:
1. Identify Key Participants – Assemble those that should be
involved internally when you identify data loss. Participants
may include IT, HR, and operations employees. Identify the
individuals and meet with them to work out what situations
they will need to be involved in.
2. Develop a Notification Process – Do you have processes ready if a regulated data breach occurs? Who will be notified? Is
your legal or compliance team ready to meet requirements, such as breach notification laws? Get your compliance people
in the loop and have them write the process with you.
3. Fix Broken Business and Weak Processes – Assume that you will find broken business processes, like automated file
transfers to partners in clear text over the internet instead of encrypted or over private line. You’ll spend time getting these
fixed.
4. Create a Plan for Handling Theft – Talk with HR to establish a process if you uncover insider theft. Give HR a heads up and
involve them in the roll-out. The insider may be at a senior level, so consider that, as well.
5. Establish the Response Team and Workflow – Map out your incident handling and resolution process, as a flowchart. Who
will be on the incident handling team? In larger organizations you might have: First level reviewer (making sure the incident
is properly classified with the right severity-typical in large enterprises), IT, Security, Compliance, HR.
6. Set a Timeline for Incident Resolution – Set goals for making sure incidents are handled in a timely manner.
• First level review of all incidents within x amount of time
• Resolve all high severity incidents within y amount of time
• Close all incidents within z amount of time (resolving incidents within 2 hours)
Share this e-book
T E C H N O L O G Y P A R T N E R S
7. 06
Steps for a Successful Data Loss Prevention Plan Implementation (cont.)
7. Establish Reporting and Automate – How are you going to track things? Decide what reports you’ll need to have and
who should get them. Set up scheduled reports so that you know what is happening and that your team is resolving
incidents within your timeline. Reports for:
• Incidents Created
• Incidents Closed
• Open Incidents Status – by age, severity, owner
• A report sorted by the type of data or by policy that was violated
• Summary reports for your CSO or execs
8. Plan Roll-Out Stages – It’s important to plan your roll-out in stages rather than trying to attach the problem all at once.
• Select data and policies to be implemented in stages, e.g. first the customer billing database for PCI violations,
then the next set of data and policies for state privacy regulations, then company IP data and policies.
• Roll-out and test your policies in a monitor only mode, to set a baseline. But you have to be prepared for a sig-
nificant breach to happen. That’s why we advise people to anticipate data loss and prepare for it in advance.
• Decide when you will have the solution notify end users and what you expect of them. Use this for user educa-
tion about your polices on data handling. You can expect to see the number of incidents drop as users are
notified on each violation. Set up your reporting ahead of time so you can track.
For a no-risk analysis of your company’s data, or to simply meet and discuss your company’s data loss
prevention needs, give our Technology Partners group a call at 440-449-6800.
Share this e-book
T E C H N O L O G Y P A R T N E R S