Data Loss Prevention and Internal Scanning

Within many organizations, most confidential data is stored in an Enterprise Resource Planning (ERP) or similar enterprise system such as Salesforce, Workday, or SAP. Because these systems ship with solid technical and security controls, executives often develop a false sense of security and assume that their digital assets, confidential data, and intellectual property are all properly protected.

From a technical perspective, this is usually true: ERPs generally follow information security best practices to keep assets well-protected and properly secured. But on a daily basis, staff members unwittingly threaten the confidentiality of their employer's digital assets. Weak information governance, mixed with unintentionally creative workarounds, leads to an environment where confidential data escapes the tight controls of the ERP system and, as a result, becomes much more vulnerable to exfiltration. Trouble occurs because of weaknesses in policies, procedures, and processes -- not because of flawed technology.

For instance, social security numbers, credit card numbers, account numbers, and financial transactions are all usually well-protected and properly stored within an ERP. But once someone exports such data to a spreadsheet, none of the ERP's access controls, audit logging, or encryption travel with it, and it suddenly becomes an entirely different situation.

Exported data is often stored in poorly-protected ways -- on unencrypted laptops and other mobile devices, emailed to other people, saved to a personal Dropbox account, or posted to a widely-accessible shared drive. Often, staff place files in these types of locations with good intentions; they’re just looking for a temporary place to store files they’re actively using. But the reality is that users are notoriously bad at later deleting these supposedly-ephemeral files.

That’s where the breaches occur: in the spaces where the data has been exported into a spreadsheet or PDF and then is improperly stored, often for extended periods of time before someone takes notice.

Proactive Data Loss Prevention

Performing a data loss prevention (DLP) inventory is a critical first step towards ensuring that your organization's data -- no matter where it is stored -- is properly protected. The result of a DLP inventory is a report which describes the types of confidential data elements in use within an organization, identifies the system of record and data owner for each type of record, and records the locations of the files and systems which contain -- or may contain -- these data elements. A DLP inventory is an extremely valuable way to shed light on where your company's confidential data is accessible outside its system of record.

To surface weak information security practices before an attacker does, organizations should carry out DLP inventories frequently and on a regular schedule. But carrying out inventories is not enough; to make an impact, organizations need to act on the results.

Follow-up is where most organizations fall short -- instead of addressing issues that surface during a DLP inventory, such results end up captured in a report and then languish on an IT staff member’s shelf.

DLP Inventories: Automation vs. the Human Touch?

DLP inventories can happen in multiple ways: via an automated tool, carried out by a human, or, ideally, using a combination of people and technology.

Automated scans, using one of the many open source or commercial tools available, accelerate the process and make it practical to run inventories on a regular basis by letting machines do the heavy lifting. But the output of an automated scan still needs human review: pattern-based detection is prone to false positives (order numbers, ticket IDs, and phone numbers all look like account or identity numbers to a regular expression), and each run's results should feed back into the methodology, tightening patterns and validation rules, so that the next iteration produces less noise.
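To make the two preceding sections concrete, here is a minimal internal scanner of the kind an automated DLP inventory runs over a shared drive or export folder. It is an added illustration, not FireOak's tooling or any specific commercial product. It walks a directory, looks for the two data elements the article names (social security numbers and credit card numbers), and applies structural validation (Luhn mod-10 for cards, the SSA's never-issued ranges for SSNs) to drop the cheapest false positives, then emits one inventory row per file with hits. The sample files it scans are constructed inline and contain no real records; the filenames, paths and the `TEXT_EXTENSIONS` list are assumptions for the demo. Note that the ticket number in the README survives validation: that hit is exactly the kind of result the reviewer must interpret by hand, and the system of record and data owner columns of the report are still filled in by people.

```python
import os
import re
import tempfile
from collections import Counter

# Loose patterns for the two data elements this example inventories. They are
# meant to over-match; the validate functions below remove structurally impossible hits.
PATTERNS = {
    "ssn": re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b"),
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),   # 13-16 digits, optional separators
}

# Assumed set of text formats an ERP export typically lands in. Binary formats
# (xlsx, pdf) need a text extractor first and are skipped by this demo.
TEXT_EXTENSIONS = {".csv", ".tsv", ".txt", ".log", ".json"}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: drops random 13-16 digit runs (order IDs, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_elements(text: str) -> Counter:
    """Count validated occurrences of each data element in a piece of text."""
    hits = Counter()
    for m in PATTERNS["ssn"].finditer(text):
        if ssn_ok(*m.groups()):
            hits["ssn"] += 1
    for m in PATTERNS["credit_card"].finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits["credit_card"] += 1
    return hits


def scan_tree(root: str) -> list:
    """Walk an export/share directory; return one inventory row per file that has hits."""
    rows = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                hits = find_elements(fh.read())
            if hits:
                rows.append({"path": os.path.relpath(path, root),
                             "elements": dict(hits)})
    return rows


def build_sample_share() -> str:
    """Constructed sample data (no real records) mimicking an ERP export left on a share."""
    root = tempfile.mkdtemp(prefix="dlp-demo-")
    os.makedirs(os.path.join(root, "finance"))
    with open(os.path.join(root, "finance", "payroll_export.csv"), "w") as fh:
        fh.write("employee,ssn,card\n")
        # structurally valid SSN and a Luhn-valid test card number: both counted
        fh.write("J. Doe,219-09-9999,4111 1111 1111 1111\n")
        # area 000 and a Luhn failure: both filtered out as false positives
        fh.write("A. Roe,000-12-3456,4111 1111 1111 1112\n")
    with open(os.path.join(root, "README.txt"), "w") as fh:
        # a 9-digit ticket number passes every structural check: needs human review
        fh.write("Ticket 123456789 opened, no customer data here.\n")
    return root


if __name__ == "__main__":
    for row in scan_tree(build_sample_share()):
        print(row)
```

Running it prints two inventory rows: the payroll export with one SSN and one card number, and the README with one SSN-shaped hit that a reviewer would mark as a ticket number and use to refine the next run (for example, by requiring separators in the SSN pattern for that share).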

“Lack of strong information governance plus creative workarounds = vulnerable confidential data”
