
The Best Practices to Avoid Data Loss and Safeguard Your Critical Information

A whitepaper on Data Loss Prevention (DLP) technologies and why companies need it

www.seqrite.com

TABLE OF CONTENTS

Executive Summary

Introduction

The Prevalent Risk of Data Leakage

a. External Threats to Critical Data

i. Data storage as an anomaly

ii. The risk of Advanced Persistent Threats (APTs)

iii. Advanced malware and customized Trojans

b. Round the Clock Internal Threats

Defining Data Loss Prevention Technologies for Business

a. Classifying Data for Best Business Practices

A Microscopic Approach to DLP Implementation Programs

a. Classification of enterprise information, data location and transfer pathways

b. Establishment of intricate policies and high-level processes

c. Stage-based implementation of DLP protocols and processes

d. Remediation of data classification or policy violations

e. Maintenance and remodeling of ongoing DLP programs

Business Benefits of an Integrated DLP Program

Conclusion


EXECUTIVE SUMMARY

An increasing volume of business information assets is distributed digitally today. Organizations simultaneously have to accelerate business processes, which leads to the wide proliferation of documents via digital mediums. Combined with BYOD policies and cloud-based storage services, the ever-growing risk of data leakage has pervaded IT policy makers and CSOs of enterprises of all sizes.

In this whitepaper we delve into the prevalent security risks of data leakage within an organization. Data security runs the risk of being compromised by myriad different external and internal threats. External threats abound in the form of insecure data storage channels, Advanced Persistent Threats (APTs) or customized Trojans. However, a majority of data leakage incidents occur due to accidental or deliberate data disclosure by employees and company insiders.

Enterprises thus need clearly defined data loss mitigation strategies to be implemented within their existing security structure. This is where Data Loss Prevention (DLP) comes into the picture as it provides the technology and tools to achieve this. Business enterprises of all sizes can utilize DLP protocols for data monitoring, auditing, reporting and proactive prevention of critical information disclosure.

DLP tools classify data on the basis of being at rest, in motion or in use. Hence these tools provide enterprises with the flexibility to develop and alter their mitigation strategies. As a result, Data Loss Prevention (DLP) tools protect confidential data within the company, safeguard Intellectual Property, lower operational costs and bolster the enterprise security of an organization.

INTRODUCTION

Traditionally, the notion of data leakage has been associated with the dispossession of device(s) containing confidential data. However, over the years, data breaches have evolved expeditiously and materialized in far more devious ways with wide reaching ramifications. To evade losses, enterprises should divert their resources towards the security of the following data types.

Industry-specific Intellectual Property – This includes product design documents, prototype plans, process documentation, source code and more.

Company memorandums and documentation – This includes financial documents, employee details, future plans and other confidential company information accessible only by insiders.

Customer data and buyer details – This includes details of customers such as credit/debit card details, personal information, bank statements and other information meant for company processing only.

Due to the overlapping segregation of critical and vital data, many organizations often overlook the significance of data loss prevention tools. As enterprises have bolstered the channels of data transfer, the need to pinpoint and administer these avenues has become critical.

For business entities, every sliver of data is crucial. The prevalence of cutting-edge data theft technologies now allows attackers to target organizations in ingenious ways and extract vital information and business secrets. Additionally, the pilferage of data also leads to a drop in worldwide market share, a huge blow to reputation, and the possibility of prolonged lawsuits. All these factors culminate in irrecoverable losses for a business enterprise.

Data Loss Prevention (DLP) is one of the most widely discussed but grossly under implemented technologies in the enterprise security portfolio.

1st Half 2014: 1331 incidents of data loss have been reported worldwide. Over 502 million personal records have been exposed.

Over the last 10 years, 57% of data loss incidents in Europe involved organizational errors, insider abuse or other internal mismanagement.

Data Loss Prevention (DLP) software gains precedence here as it grants a set of tools and methodologies that forestall the leakage of confidential information. DLP also frames compliance policies and rules that protect data and flag incidents when information is compromised or leaked.

The proliferation of Internet facing devices within enterprises has also led to the demand for persistent DLP mechanisms. In addition to their designated workstations and laptops, employees today actively utilize multiple smartphones, tablets, smartwatches and soon, even Internet enabled glasses. An inherent side effect of the ‘Internet of Things’ is that hordes of data are now broadcast and shared over insecure networks. Without critical security infrastructure in place, these channels are often rendered vulnerable and exposed.

Companies are compounding their security risks by overlooking crisply defined security policies, by imposing impractical and easily reversible processes and by inadequately training employees in security matters. This intensifies disparate avenues for data leakage and renders age-old practices of safeguarding confidential information unfeasible. Today, enterprises cannot afford to sustain the repercussions of data loss or repel the penalties of violating regulatory policies.

With such potential ramifications seething under the surface, business enterprises must begin to actively embrace and implement DLP systems. Diverting resources towards embedding the technology within existing IT security infrastructure should not merely be de rigueur; it should be indispensable. This white paper presents an overview of Data Loss Prevention (DLP) and Seqrite's implementation of the technology. We also take an in-depth look into the benefits, the risks and the deployment mechanisms of DLP.

145 million records stolen from eBay (May 2014)

53 million records stolen from Home Depot (September 2014)

76 million records stolen from JP Morgan (October 2014)

THE PREVALENT RISK OF DATA LEAKAGE

While the nature of critical data is often underestimated, the problem of data leakage gets exacerbated. SMBs in particular, often believe that they are too small to be targeted. However, data breaches do not occur based on size alone. Moreover, not all breaches are caused by malicious attackers or corporate saboteurs.

The instigators of data loss can be classified as follows:

Employees/Insiders who accidentally lose data

Employees/Insiders who deliberately leak data

Attackers/Outsiders who target specific silos of data

Since employees themselves contribute to the majority of data leakage cases, a set of policies that monitor, regulate and enforce data preservation tools are essential. This is where Data Loss Prevention (DLP) comes into the picture and its implementation depends on the nature of vulnerable data, the size of the enterprise and the degree of danger posed to the data by insider and outsider threats.

External Threats to Critical Data

Critical data silos are often earmarked as high priority targets by company outsiders and rival enterprises. They focus advanced and intensive espionage methods to amass information from vulnerable sources. Government entities have the additional onus of dealing with the threat of Advanced Persistent Threats (APTs) developed by nation states and non-nation attackers.

Data storage as an anomaly

As the volume of big data has increased exponentially, storage technologies have fallen behind those advances. As per predictions, global big data is foreseen to rise by a factor of 50 by 2020, but storage drives are only going to expand 15-fold in the stipulated timeframe. Simultaneously, storage costs are not diminishing either. These two trends have fused to make it challenging for companies to purchase or lease storage space for data demands.

Consequently, more data is being stored on smaller spaces. This escalates server loads and amplifies the impact of data loss if the storage space is compromised.

Backup policies are not unconditionally reliable either. These processes operate under the inferences that hardware and storage media seamlessly work together, that data is incorruptible, and that backups are taken in a timely manner. In real world scenarios, most of these conditions are not met, thus augmenting data loss.

The risk of Advanced Persistent Threats (APTs)

APTs are perilous because they evolve slowly but steadily. They often go undetected for years at a stretch as they do not render discernible damage. They stay still and monitor data and follow the motto “Go Low and Go Slow”. Most notorious APTs have been found to be dispatched by nation states to spy on or sabotage rival nations’ infrastructural or operational capacities.

An APT attack often utilizes spear phishing (a type of social engineering) to infiltrate a network via legitimate means. Once inside, an APT establishes and opens a back door. The APT then gathers authentic user credentials and moves laterally within the network to establish more back doors. By the end of it, the APT installs bogus utilities and creates a "ghost infrastructure" to distribute malware that remains hidden from security protocols.

Associated Costs to Companies of Advanced Persistent Threats

Diminished Brand & Reputation Costs: $9.4 million

Productivity Loss Costs: $3.1 million

Technical Support Costs: $2.5 million

Business Disruption Costs: $3 million


Characteristics of an APT

Targeted

APTs steadily work on targeted organizations or entities with the sole purpose of stealing specific data or causing operational damage.

Persistent

APTs gradually evolve in multiple phases over a long period of time. Attackers first need to single out vulnerabilities, appraise existing security measures, gain access to privileged hosts, find the targeted data and, finally, extract the data. This entire process frequently takes months or even years to come to fruition.

Evasive

APTs are methodically designed to circumvent traditional security products that most enterprises have relied on for years.

Complex

APTs apply a complex blend of attack methods to target multiple vulnerabilities that are identified within the targeted organization. These attacks involve telephone-based social engineering tricks to pinpoint key individuals within an organization; phishing emails sent to those personnel with links that execute custom JavaScript codes to install remote access tools; binary command-and-control codes; and custom made encryption technology.

Advanced malware and customized Trojans

The complete failure or dramatic slowdown of a business network can be either premeditated or accidental. A destructive malware can delete critical system files and thus disable the Operating System, bomb the network with a DDoS (Distributed Denial of Service) attack, or hamper the system's operability in multiple ways.

In certain scenarios, malware turns out to be incompatible with system specifications, resulting in server failure or radical increases in spam traffic, thereby paralyzing the enterprise network.

When a virus infiltrates a corporate network, the wreckage caused by it is measured in terms of the losses associated with the downtime necessary for disinfecting the network. An inactive Trojan's mere presence can also be a deterrent for smooth operability. The Trojan may only be a zombie server that broadcasts spam, but consumes internal resources to do so. Systems that have been compromised by Trojans can also allocate spam which is highly likely to be pointed towards the network's own corporate mail server.

Round the Clock Internal Threats

With expansive communications options and the extension of the work environment to homes, cars, airports, and coffee shops, the balance between work life and personal life has disappeared. A critical side effect of this revolution is that employees are now sharing critical enterprise data over insecure networks and failing to comply with security policies regarding equipment, facilities, and sensitive information.

Employees or insiders are often the cause of deliberate or accidental data breaches in established industries all around the world. Premeditated cases of sabotage are highly risky as employees have inside access and knowledge pertinent to critical infrastructure and processes. Accidental leakage is no less pervasive as it can release critical data unbeknownst to the organization and cause extensive damage. Just as companies make it mandatory to keep inventory of all physical goods, data should also be monitored and stocked with the same scrutiny.

The common sources of accidental data leakage by employees can be attributed to the following:

Employees underestimate the risks of data leakage

Employees think that their IT policies are foolproof and secure

Employees don’t actively think about security as an issue

Employees are not overly concerned with security protocols

Employees are unable to comprehend security policies due to their complexity

Employees have not been adequately educated with regards to security

Employees are hard pressed for time, hence they overlook security measures


DEFINING DATA LOSS PREVENTION TECHNOLOGIES FOR BUSINESS

In the market scenario, Data Loss Prevention (DLP) goes by many nomenclatures. While DLP variants manage comparable fundamental activities to varying degrees, it is far more prudent to focus on what DLP does and its core competencies instead. In the broadest sense, DLP implements deep content analysis, centralized compliance management, provides expansive coverage across numerous platforms and unassailable remediation processes.

DLP is the methodology to identify and forestall the unauthorized communication or disclosure of confidential data. In order to ensure that sensitive information is utilized in its intended manner, DLP consolidates people, technology and processes.

Today, progressive business enterprises expect Data Loss Prevention to be an integral part of any endpoint security solution. As DLP tools extend the influence of traditional security suites, they serve a definitive purpose and offer the following benefits:

The possibility of data exfiltration through applications or third-party software is eradicated.

Company-wide application surveillance policies are consistently implemented.

Installed software and inserted devices are scanned for security holes or blind spots.

Targeted attacks using advanced malicious techniques are thwarted.

While contemporary DLP technologies differ with regards to their functionality, their key capabilities can be classified as follows:

1. DLP tools monitor and enforce compliance policies within the existing network stack. This enables enterprises to enforce network-wide policies without opting for a standalone network appliance.

2. DLP technologies facilitate data surveillance within existing system kernels. They function in conjunction with the operating system kernel in order to monitor user actions such as the copying and pasting of sensitive content.

3. DLP tools audit and implement security protocols within the existing file system. This permits monitoring and enforcement of universal compliance rules regardless of data storage locations.

Conventional endpoint security offers divergent, but equally important features, such as Network Firewall, IDS/IPS, Web Security, Antivirus and more. While data leakage is a small part of enterprise security, it is an integral aspect which cannot be neglected. Business enterprises need to allocate their resources towards the complete spectrum of all these protocols for thorough protection and security.


Classifying Data for Best Business Practices

Implementing DLP strategies requires enterprises to gauge the lifecycle of their data. The following aspects of data storage need to be taken into consideration here.

CLASSIFICATION OF DATA

Data at rest: Stored physically in any digital form – databases, data warehouses, archives, spreadsheets, off-site backups, tapes etc.

Data in motion: Data that traverses a network or temporarily resides in computer memory – emails, downloaded files, VPN data sharing etc.

Data in use: Active data stored in non-persistent digital state – in RAM, CPU caches, registry entries etc.

Data at rest

Data that is reserved in silos on enterprise servers and content repositories is termed as ‘Data at rest’. DLP tools undertake active content discovery to scan these servers and pinpoint sensitive content, for instance, credit card numbers. If an unauthorized server is found to contain such data, the sensitive file is deleted, encrypted or a security alert is sent to the owner of the file.

Data in motion

DLP technologies facilitate the sniffing of network traffic to single out sensitive content that is being transmitted across predetermined communication channels. The sniffing out of specific ‘Data in motion’ occurs either passively or via inline proxies. The communication channels that can be inspected range from emails and Instant Messages to source code snippets within incoming/outgoing web traffic.

Data in use (in endpoints)

Such data modules are directed by traditional endpoint solutions as well. ‘Data in use’ is scrutinized as a user interacts with the data in question. For instance, DLP protocols raise alerts whenever a sensitive document is being transferred to a USB drive and subsequently block the file vis-à-vis blocking the drive in its entirety. These protocols detect illicit copy or pasting, and recognize when sensitive data is being executed on unwarranted applications.

Amidst the elimination and selection of DLP products, organizations must narrow down on tools that correspond with their requirements and scale as the business expands. Every organization has unique commitments so a meticulous analysis of employee habits, prevalent security protocols and liable data theft/transmission channels is mandatory.


A MICROSCOPIC APPROACH TO DLP IMPLEMENTATION PROGRAMS

Prior to embedding Data Loss Prevention programs, enterprises must strategize preliminary tasks such as policy development, critical business process analysis, intricate systems audit and segregation of data types. It is also mandatory to include multiple stakeholders from IT verticals within the enterprise and their supported business units in these preparatory efforts. The following considerations must also be competently addressed.

Classification of enterprise information, data location and transfer pathways

Organizations should mandatorily pinpoint and classify sensitive data within the company, and its flow and transmission pathways before setting up a DLP solution. Usually, extensive audits of data and its locations on servers and business assets are not readily available in a standardized fashion, so supplemental resources need to be diverted here. This helps achieve data taxonomy which further aids scanning and remedying data leakage within the organization.

Critical business units and processes should also be scrutinized to segregate data as customer data, employee data, financial data, Intellectual Property or more. Locating primary data silos and key data transfer pathways is also recommended. While maintaining multiple data copies of servers, workstations and other media is useful, this process often presents enterprises with challenging hurdles. Removing these stumbling blocks is advisable before investing in complex Data Loss Prevention architecture.

These copies are useful for application testing but sensitive data should be removed first. All this helps in selecting and placing a good DLP solution.

It is critical to understand and define Data Life Cycle for enterprises. The lifecycle of information determines its criticality from the point of origin of the data through processing, maintaining, storing and disposing of said data. This aids companies to discover new data repositories and transfer channels. Comprehensive analysis of firewall and router rules can also support the process of conducting inventory checks of all data egress points. Enterprises should remember that not all data moves through well-defined processes and not all company processes are well documented, making these steps necessary.

Establishment of intricate policies and high-level processes

Establishing simplified and scalable data classification policies is the next step. Each data category must be clearly defined and modified so that data handling and inventory can be achieved with ease.

Subsequently, a high-level workflow plan should demonstrate the segregated categories to target, the nature and personnel for desired actions, the expected outcomes and more. This helps address discrepancies, policy violations, escalation methodologies and setting up the process for establishing exceptions, if any. DLP tools also enable companies to establish after-hour processes and review procedures that emanate from appropriate stakeholders.

Crucially, effective incident management processes should be refined to make them ubiquitous for every data category and rule.

Stage-based implementation of DLP protocols and processes

For best results, DLP tools and programs should initially be launched in a monitor-only mode. This permits the fine tuning of the system from a scaled up point of view. Moreover, this enables enterprises to accurately predict the impact of DLP tools and processes on the business. Precise system-driven alerts need to be gained in order to inculcate security awareness and behavioral changes. If all traffic flow is haphazardly blocked at first, critical business processes are highly likely to be derailed.

At first, organizations may be concerned about the amount of sensitive data “floating around the place”, but ensuring system activation at the initial stages is of paramount importance. Initially overlooked or neglected concerns come to light later when the DLP protocols are firmly placed and activated.
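The content discovery scan described under ‘Data at rest’ and the monitor-only first stage described above can be sketched together as follows. This is an added example, not Seqrite's code: the authorized path prefix, the file contents and the action names are constructed for illustration, and the Luhn checksum is a standard false-positive filter that the whitepaper itself does not mention.

```python
"""Data-at-rest discovery for card numbers with a monitor-only first stage."""
import re
from dataclasses import dataclass

# Candidate card number: 13-19 digits, optionally split by single spaces/hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Assumption: the only location approved to hold card data (hypothetical path).
AUTHORIZED_PREFIXES = ("/srv/payments/",)


@dataclass(frozen=True)
class Finding:
    path: str
    masked: str  # only the last four digits are kept in the finding
    action: str  # "allow", "alert" or "encrypt"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects random digit runs such as tracking IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep the last four digits so the alert itself does not leak the number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(files: dict, mode: str = "monitor") -> list:
    """Scan {path: text}; return findings sorted by path.

    monitor: unauthorized locations only raise an alert (first rollout stage).
    enforce: unauthorized locations are marked for encryption, one of the
             remediation options the text lists.
    """
    if mode not in ("monitor", "enforce"):
        raise ValueError("mode must be 'monitor' or 'enforce'")
    findings = []
    for path, text in sorted(files.items()):
        for match in CANDIDATE.finditer(text):
            digits = re.sub(r"[ -]", "", match.group())
            if not luhn_ok(digits):
                continue  # digit run that is not a valid card number
            if path.startswith(AUTHORIZED_PREFIXES):
                action = "allow"
            elif mode == "monitor":
                action = "alert"
            else:
                action = "encrypt"
            findings.append(Finding(path, mask(digits), action))
    return findings


# Constructed sample content; the two valid numbers are widely published
# test card numbers, the third fails the Luhn check on purpose.
SAMPLE_FILES = {
    "/srv/payments/ledger.csv": "txn,4111 1111 1111 1111,approved\n",
    "/home/alice/notes.txt": "customer card 5555-5555-5555-4444 exp 12/27\n",
    "/home/bob/export.log": "tracking id 4111111111111112 shipped\n",
}

if __name__ == "__main__":
    for run_mode in ("monitor", "enforce"):
        print(run_mode)
        for f in scan(SAMPLE_FILES, run_mode):
            print(f"  {f.action:8} {f.path} {f.masked}")
```

Comparing the alert volume of the monitor run with the set of files the enforce run would touch gives the impact estimate that the staged rollout is meant to produce before anything is blocked.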

Remediation of data classification or policy violations

In-depth scrutiny of the location and transmission of sensitive data can lead an enterprise to be taken aback by the volume and extent of visibility. Digital footprints of this critical data can cause consternation and lead to steps that may prove detrimental in the long run.

Enterprises are thus advised to utilize a risk-based approach which helps to prioritize and address problems efficiently. Including all critical stakeholders since the initiation of the DLP process is vital as there are usually multiple issues to tackle. Moreover, the remediation process of dealing with violations should be properly documented so that audits, inquiries and violations in the future can be handled with increasing effectiveness.

Maintenance and remodeling of ongoing DLP programs

Periodic reviewing of implemented DLP protocols is highly advocated as new hazards, compliance issues and privacy audits provide tremendous data for enterprises to work with. Optimization of classification rule sets and policies can also be enhanced in this manner.

Enterprises are also counseled to maintain diligence while pinpointing loopholes and narrowing down on the breadth of upgrades possible. This is vital as new data formats or information sets can appear occasionally. Upholding a testing and staging environment helps implement patches and upgrades without security glitches. Security training, awareness and education of employees should also be imparted frequently.


BUSINESS BENEFITS OF AN INTEGRATED DLP PROGRAM

Investing in a scalable and exhaustive DLP program should take precedence for corporations of all sizes. In the midst of their implementation of DLP policies, an enterprise also gains the added benefit of a company-wide audit of data storage and security policies. It is advisable to understand the DLP needs and scale of the organization before laying the foundations for DLP architecture. Here are the benefits of an integrated DLP program:

Benefits of DLP | What Organizations Get

Insulates critical business units and Intellectual Property (IP).

Organizations maintain various kinds of data for competitive, regulatory or reputational purposes. Such data repositories contribute towards the sustenance of critical business units and IP which are safeguarded by DLP protocols.

Forestalls incidental or deliberate data leakage from transfer channels.

Data leakage potentially occurs through assorted transfer channels such as emails, printouts, IMs and more. DLP tools scan these channels for critical data, even if it is disguised by encryption mechanisms.

Diminishes operational and restoration costs associated with data leakage.

Companies endure huge financial hits from investigating the extent of data compromised and the source of the leakage after a data breach. DLP tools push back these incidental costs and provide companies with leeway to be cost effective.

Detects and mitigates complex data risks for enterprises.

DLP protocols enable enterprises to mitigate future risks by classifying and segregating data repositories. With predictive strategies companies can strengthen their weak spots and not be blindsided by unforeseen intrusions.

Perpetuates conformity with current and subsequent regulatory compliances.

DLP rule sets condition organizations to conform to their exclusive regulatory policies. In case of policy renewal or amendments, the enterprise can easily adapt to the transition and alter data storage or contents.

Optimizes bandwidth and storage management for superior efficiency.

As DLP tools execute intensive audits of stored data, they identify stagnant or obsolete files, and other unwanted IT resources. These files and processes are phased out so as to optimize storage space and bandwidth.

Detects covert APTs and high risk malware that siphon away crucial data.

APTs gradually embezzle information by remaining undetected for years. DLP tools detect anomalies to unearth APTs and other high risk malware or rogue software that transmits data from within the organization.

Bolsters data security training and awareness of employees.

Data security education is routinely provided to employees but often forgotten. With real-time alerts and active blocking, DLP reinforces this learning and advises employees about what they should or should not share.


CONCLUSION


Critical information within an enterprise ranks amongst its most valuable assets and a DLP program offers the capability to mitigate security risks to these critical business assets. Hurried or improperly implemented DLP tools can also disrupt established business processes and corporate culture. It is essential for enterprises to implement accurate planning, in-depth communication and awareness training before DLP deployment.

Adhering to a structured selection process also helps enterprises navigate the confusing market of Data Loss Prevention tools. Companies should know which business units are more vulnerable to potential data breaches and how to deal with policy violations before deployment of DLP tools.

Enterprises should also possess intricate knowledge about location, utilization and access of stored data. Aligning this information with practical business situations ensures effective policy development and compliance enforcement. The flexibility to alter policies and business processes when needed is also a crucial requirement.

Data-driven companies require effective DLP tools and strategies for the protection of sensitive data. This data drives future growth that grants these companies a competitive advantage. Data Loss Prevention also lowers expenses which can alternatively be invested in other avenues of strategic business growth. Data which remains within the company retains its value and becomes exponentially more valuable over time.

To find out how your business can derive the benefits of information security and prevent unsolicited data leakage, inquire about SEQRITE DATA LOSS PREVENTION on +91 - 7028009844 or send an email [email protected]

Seqrite DLP is integrated with Endpoint Security 6.0

Quick Heal Technologies Pvt. Ltd.

Headquarters:

603, Mayfair Towers-II, Wakdewadi, Shivaji Nagar, Pune-411005, Maharashtra, India.

Phone: +91-20-41060400 / 66025985

Fax: +91-20-41060401

Email: [email protected]