* Sillas Martins
It is noted that in the past decades the data did not have the same importance as they currently are for us.
The lack of care with the information of customers, suppliers and employees and their availability in physical form, was associated with data loss, including the physical archiving of materials, made it difficult and demanded more time to search for information, however, in most cases, these data were not used as a strategic resource for decision making and did not stipulate a period of retention of this data, preventing future fraud analyzes, for example.
Analyzing these scenarios, it was possible to notice that the repetition of behavior was able to help the creation and enrichment of a database, where the information was stored and organized in a sequential way and easily determined so that they could be analyzed with greater caution.
Through technological advances, organizations have changed the way of producing and storing information, making it more accessible for analysis, bringing to the fore the possibility of extracting benefits such as strategic planning, allowing their horizons to be broadened more and more, making information one of its main assets.
However, with the discovery of the added value generated by the centralization of information, it causes organizations to routinely register numerous security incidents with an intentional or accidental origin.
Given this scenario, organizations allocate large financial resources to mitigate the effects caused by these incidents, one of the solutions that organizations usually use is the DLP (Data Loss Prevention), which aims to ensure that confidential data is not leaked or manipulated by malicious people.
Impact of loss of organizational data
The prevention of data loss is a topic that organizations have addressed with extreme importance, mainly due to the force that European law General Data Protection Regulation (GPDR) achieved and by the projections of importance that the General Data Protection Act (LGPD) tends to reach in Brazil.
The fight against data loss occurs on several fronts since, after studies and market evaluations, the reason for the occurrence of these incidents was perceived, understanding that malicious or careless employees caused problems related to data loss.
As a solution to minimize and mitigate this type of incident, the implementation of security controls and good practices, based on frameworks and ISO / IEC 27001: 2013, which refers to the Information Security Management System, it is possible to deal with part of this problem and make employees aware by applying periodic Information Security training, which contextualizes the theme, importance, correct use and the effective use of tools that allow the execution of processes for data monitoring, ensuring that important data is not lost or falls into the hands of unauthorized people, warning that if the incident materializes, it is possible to identify and track the occurrence - as an example of functionality of the Data Loss Prevention (DLP).
What is the purpose of a DLP tool?
The main purpose of DLP tools is to perform analysis on the data of what travels through the network and workstation, making comparisons of the identified item, with rules and policies previously established in the tool, which include internal and / or external corporate standards that contain words keys and regular expressions (among other contents) that are generally used in specific activities, for example, in exchange for e-mails in a bank process, information such as: CPF, card number, cvv, standards for contract numbers they can be shared due to the performance of this specific activity by the institution, but when it identifies that this data is considered critical for the business, it starts to be monitored.
Regardless of the form of sharing, whether by network folder, e-mail, communication tools, via USB ports etc., the tool performs the classification of logs and alerts using as a basis the criticality and rules defined by the organization.
Some methods of detecting data leaks using the DLP tool are:
- Content-based;
- Storage and e-mails;
- Protection endpoints;
- Protection of mobile devices;
- Protection on data in motion;
- Protection of unstructured data.
The main methods of prevention can be applied to data traffic on the corporate network, data at rest, e-mails, the web or through removable media.
The main tools in the market are able to identify structured and unstructured data sources such as JPEG, PDF, DOC among others, in addition to providing reports to identify areas of vulnerability.
By using its tools, the company now has assertive security to prevent corporate files from being shared, stolen or used without your authorization.
* Sillas Martins is a Consultant in GRC & Information Security
