InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
Today, data is critical to companies' business success, which is why it is important to take the right security precautions. This also means that important data must not leave the company inadvertently, because a loss of data can threaten the existence of a company. No company is exempt from this – be it via a cyber-attack, threats for within or simply due to carelessness. This is why Data Loss Prevention (DLP for short) is an important aspect of cutting-edge data protection and cyber security strategies – particularly with respect to implementing the DSGVO / GDPR. However, DLP does not necessarily assume that a dedicated solution needs to be implemented! In this article you will learn what this might look like in practice.
There are many different causes of data loss, and there are almost as many terms used to describe the ways of protecting against unwanted loss of data, as there are ways in which critical data can leave a company. Just some of these: are Data Leakage Protection / Prevention, Data Loss Prevention, Anti Data Leakage, Insider Threat Protection, Outbound Content Management and Data Extrusion Prevention. All of them have one thing in common: they are designed to stop data leaks and prevent unwanted data flow.
One thing is clear: DLP (Data Loss Prevention) is virtually indispensable for successful data protection and cyber security strategies, as well as for compliance with data protection regulations such as the DSGVO / GDPR.
Searching for data that is really worth protecting is for many already an almost hopeless maze. In fact, there are “only" two basic questions to be answered:
The first question is relatively simple to answer. Experience has shown that searching for the data is considerably more difficult. Many corporate networks have grown uncontrollably over the years and the amount of data worth protecting is increasing exponentially these days. Does this sound familiar? You need help with this. You can find out here how to find data worth protecting in the (data) jungle. But new communication channels (e.g. social media) or work related trends (home / mobile office and cloud) also create new risks of data loss.
Our tip: think about both historical and current data – be it on-premises centralised and decentralised, backup, cloud services, etc.
It is also advisable to perform a detailed analysis of cloud applications to ensure that outsourced office and file-sharing apps are included. Do you even know what cloud services your company is using? Because often it's not just those services that have been approved by the company. You can find out more about this in an earlier blog on "Shadow IT".
The next step is to classify the data according to its protection requirements and risk potential. A proven method is to classify the data into three categories: public, internal and confidential. This ensures a quick and easy rollout and keeps you on top of things. Check regularly to ensure that the data classification is appropriate, as a lot of data that initially requires a high level of confidentiality will lose the requirement over time, or data collection may need to be increased.
Clear guidelines need to be developed for dealing with the three categories. These policies govern the accesses and movements that are permitted for the different classes and roles and define binding instructions for data at rest, data in motion and data in use.
DLP is a core component of a cyber security strategy. To ensure that critical data is reliably protected, companies need to analyse and classify assets and to control access to regulated information with a policy-based approach.
Data Loss Prevention solutions, Network Access Control (NAC), Antivirus solutions, Information Rights Management (IRM) etc. are in fact indispensable tools for data protection. What is frightening is how often this risk is underestimated. Correspondingly, the proliferation of adequate protective measures is low. We hope that's not also true for you too…
If you are fearful that this is the case with you, here are some examples of best practice to help you. This will help you minimise the risk of data loss – even without a dedicated DLP solution.
So it is clear now that dealing with confidential data is a major challenge. Data loss prevention is vital and undeniably has many advantages, but there are also challenges involved that companies need to be addressing. In one of the next blog articles we will describe in detail how you can set up a project like this and implement it through additional measures or a dedicated DLP solution. To make sure you don't miss out on this post, subscribe to our weekly blog updates!
Also, data loss prevention projects always affect the entire infrastructure and data inventory. That's why they are so complex. For this reason, practically it makes sense to involve external experts such as InfoGuard at an early stage. Our Cyber Security experts have the corresponding project experience and the latest expertise. You can rely on us to put an end to data loss!