Data Loss Prevention – Part 3 – How DLP Technologies Work
So, you’ve decided to implement a Data Loss Prevention solution for your business, but you have no idea how it works. We can fix that.
First, we need to identify the three major categories of data for you:
1. Data in Motion: Any data that is moving throughout the network (especially from inside the network to outside the network via the internet).
2. Data at Rest: Data that is stored on file servers, databases, backup drives, mail servers, etc.
3. Data at the Endpoint: Data that resides on end-user devices such as workstations, laptops, tablets, smartphones, external drives and other mobile devices.
It’s important to understand that a good Data Loss Prevention solution will provide monitoring and protection for all three of these categories of data.
First, the solution must be able to monitor the network to ensure that “Data in Motion” is protected against unauthorized transfers. Examples include employees emailing sensitive files to themselves using public webmail services like Gmail, Yahoo, AOL, etc.
Second, the solution should be able to monitor all file storage locations (“Data at Rest”) and ensure users aren’t manipulating that data in a way that violates the Data Loss Prevention policy. For example, it should prevent employees from copying data from a file share to a USB drive.
Finally, the solution should have an “agent” component that can be installed on end-user devices, such as workstations and laptops, to ensure that policies aren’t violated, even when those devices are outside of the corporate network.
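The three checks described above can be sketched as one policy evaluator. This is an added example, not code from the article or from any DLP product. The webmail host list, the `Event` fields, the `usb:`/`share:` destination labels and the rule that "sensitive" means a Luhn-valid card number are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy inputs for this sketch (not from the article).
WEBMAIL_HOSTS = {"mail.google.com", "mail.yahoo.com", "mail.aol.com"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sensitive(text):
    """Hypothetical content rule: sensitive if it holds a Luhn-valid card number."""
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

@dataclass
class Event:
    category: str                 # "motion", "rest" or "endpoint"
    content: str                  # text extracted from the message or file
    dest: str                     # destination host, or "usb:" / "share:" target
    on_corp_network: bool = True  # False when an endpoint agent reports from off-site

def evaluate(ev):
    """Return (action, reason) for one event under the sketch policy."""
    if not is_sensitive(ev.content):
        return ("allow", "no sensitive content")
    if ev.category == "motion" and ev.dest.lower() in WEBMAIL_HOSTS:
        return ("block", "sensitive data sent to public webmail")
    if ev.category in ("rest", "endpoint") and ev.dest.startswith("usb:"):
        # The agent enforces this whether or not the device is on the corporate network.
        return ("block", f"sensitive file copied to USB drive ({'on' if ev.on_corp_network else 'off'}-network)")
    return ("audit", "sensitive content on a permitted channel")

# Constructed sample events (4111 1111 1111 1111 is a well-known test card number).
SAMPLE_EVENTS = [
    Event("motion", "cards: 4111 1111 1111 1111", "mail.google.com"),
    Event("rest", "4111-1111-1111-1111", "usb:E"),
    Event("endpoint", "4111111111111111", "usb:E", on_corp_network=False),
    Event("endpoint", "ref 1234 5678 9012 3456", "usb:E", on_corp_network=False),
    Event("rest", "4111111111111111", "share:finance-archive"),
]

if __name__ == "__main__":
    print([evaluate(ev) for ev in SAMPLE_EVENTS])
```

The fourth event is allowed because its digit run fails the Luhn check, which shows why content matching needs validation beyond a bare pattern to keep false positives down.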