How much profit do you lose on the fact that your employees divulge confidential information about your company? How many of them store sensitive documents in cloud storage or on insecure USB sticks? No one is safe from errors, but DLP systems exist to prevent them.
In a broad sense, the DLP system controls everything, creating a secure digital «circuit» of your organization’s internal network. Now, the protection of trade secrets is only one of the tasks set for DLP. Today, data leak prevention systems offer complete protection for your business from internal threats. It is understood that the software will not only help to accurately identify the source of the information drain and block it in time, but also to understand the causes of the incident by putting together a chain of previous events.
However, DLP is not an evidence collector, as it may seem, but rather a «mirror» that reflects all the processes and conditions of your organization. Control occurs by filtering and analyzing data intercepted from the corporate network. For this, agents are used, duplication of packets from one port of a network switch to another and integration with a corporate mail and proxy server. There is an opinion that agent interception is the most effective method of controlling information flows. Let's take a closer look.
Pre-installed agents on each individual computer intercept all incoming and outgoing traffic, creating a single informational stream, carefully analyzed by the system in accordance with a given security policy. Agents can work both openly and in stealth, and the whole process can be compared with a conveyor belt, where the operator in real time rejects products, snatching them from the general flow of data. The system will respond to attempts by employees to bring information beyond the corporate network.
When you choose a DLP system, pay attention to 6 principles:
The more communication channels the DLP system can control, the more valuable it is, so you need to understand exactly which of your employees use them for personal and corporate purposes. Integrated solutions in the field of information security control the reception and transmission of traffic of almost all email clients, such as «MS Outlook», «Thunderbird», «The Bat!», Including accounts in external mail services (gmail.com or mail.ru). They intercept text and voice messages of all modern instant messengers (Telegram, Viber, Skype or SIP), correspondence in social networks. In addition, files transferred to USB-drives, documents sent to print, web page traffic and so on.
DLP should work in any networks without overloading them. A drop in the «speed» of the computer will cause suspicions among employees. The system should run smoothly in geographically remote networks on any number of computers. Pay attention to the support of mobile workstations, such as laptops and netbooks. The agent in offline mode must remove the same data as in stationary computers, and, after connecting the device to the corporate network, send the collected archive to the server.
A DLP system must be able to:
In addition to them, the function of monitoring the employee’s network activity at the workplace is «embedded» in modern systems. In other words, you will be able to evaluate the effectiveness of employees using their working time and adjust the load. DLP becomes your HR consultant. It will provide you with a convenient systematic report on violations of labor discipline in general and for each individual employee in particular, even awarding the employee a risk factor. Often, DLP has an incident investigation function. You will be able to create a dossier for violators and collect the maximum information about incidents before responding appropriately. As a package of evidence, the system will provide a chronology of the employee’s actions at the workplace, his letters, correspondence in instant messengers, screenshots and webcam recording.
When purchasing a product, you should not be alone with the program. The task of technical support is to help in the implementation of the DLP system in the network of your company and quickly eliminate the difficulties that arise, improving the functionality upon request of the customer. Good tech support is required to understand the nuances of information security better than you do. Pay attention to how deeply experts understand the architecture of operating systems, the principles of protection and networking.
The difficulty is, when you first acquainted with the company, you can evaluate the vendor's reliability only by indirect signs: the number of offices, the technical staff, and the number of licenses. In addition, the manufacturer must have licenses for the technical protection of confidential information, the development and production of CIPS (confidential information protection systems).
It includes both the cost of the system itself and technical support. Correct DLPs are assembled on a modular basis, that is, as a kit, and the price may vary depending on the number of modules purchased, communication channels that you intend to control (or not control). After the system is configured, monitoring and analytical functions will fall on it, which will significantly save your money. This means that your business will require fewer security officers to oversee staff.
Choosing a Data Leak Prevention System is not a fast process. However, it should be understood that the time spent on finding the best DLP system that is right for your business would fully pay off in the future. When familiarizing yourself with vendors, compare the functionality of the products they offer.
Get DLP, keep up with the times and do not worry about the information security of your business.