Most organizations are aware that data loss prevention must be a top priority – but few understand how different tools and policies must be leveraged in combination to create complete, 360-degree protection for critical data. Data loss prevention (DLP) has traditionally focused on securing data on devices – laptops, phones, and internal company networks. But, as remote work and globalization increase, these traditional methods of protecting data fail to account for data in motion or data in use on platforms like Slack, Google Drive, and AWS. Whether you’re seeking to build a new DLP solution from the ground up, or looking to upgrade your legacy DLP solutions, here are the best tools to add to your DLP stack – and why you should consider a multi-faceted approach to data protection.
Key aspects of DLP
Data loss prevention (DLP) is both a process and a set of tools. Your company’s DLP policy identifies the sensitive data that needs protection, determines where it is located, and establishes a method for protecting that information. Then, the DLP software can be implemented to scan for threats, block unwarranted access, and identify nefarious attacks. DLP policies vary for each organization. When crafting your data loss prevention policy, consider some of the following questions:
- What sensitive data do you hold? Consider what types of data your company stores and uses on a regular basis – for instance, PII, trade secrets, patient information, or financial records. Is this data structured or unstructured?
- What is your business’s most important data? All data is valuable, but some information is more valuable to hackers. Can you classify data based on its importance to your business’s growth and survival?
- Where are you storing your sensitive data, internally and with any third parties? Think about both the physical devices on which data may be stored, as well as any online and cloud-based repositories. Who has access to your Google Drive, One Drive, or Dropbox? Where are your thumb drives kept when not in use?
- Where are you transferring data regularly? Data in motion is often when data is at highest risk of being leaked or stolen. Are you using email, a file-sharing tool, or Slack to share data regularly?
Your DLP policy should account for data at rest, in motion, and in use as well as provide a roadmap for educating users in your company to recognize any threats to data security. Your policy will also drive the adoption of DLP technology to monitor and protect your system. Historically, experts have grouped DLP technology into three main categories of tools needed to build a secure defense.
- Network DLP: these tools monitor data as it moves through an organization’s network, providing visibility into data on web applications, emails and FTP. These tools log details of what data is being used and by whom.
- Storage DLP: these tools monitor files stored and shared by users of an organization’s network. Storage DLP solutions can provide visibility into information stored both virtually and on physical devices.
- Endpoint DLP: these tools monitor workstations, servers, and mobile devices to prevent data leakage. This software can provide visibility into data that’s being used on devices both inside and outside the organization.
However, cloud-based DLP solutions are a growing category of tools that transcend these three categories – and can fill in the gaps that these tools leave vulnerable. True cloud-native solutions are platform, endpoint, and network agnostic in that they’re capable of integrating with cloud platforms quickly and can provide single pane of glass visibility across the cloud. DLP cloud solutions integrate with the applications that they secure using an API, making them easy to implement and keep up-to-date. A complete DLP solution requires tools that protect data throughout the normal course of business – not to mention a policy to govern the use of and access to your most valuable information. Here are some tools that can help.
Best DLP security solutions
DLP requires a holistic approach that includes cloud security, mobile device management (MDM), and identity and access management. Here are some critical DLP platforms and tools you need to layer and integrate to completely protect your company’s sensitive information.
Cloud DLP
Nightfall is the industry’s first cloud-native data loss prevention solution. It’s designed to integrate seamlessly with a variety of corporate SaaS and IaaS platforms like Slack&AWS – allowing you to scan data in platforms where users may think sharing PII is perfectly safe. Where some tools focus on where data might be vulnerable entering or leaving your organization, Nightfall’s DLP protects data in use on internal platforms. Nightfall integrates with work tools like Slack, GitHub and Google Drive to identify, classify, and protect the data you need to keep secure; detecting 100+ types of sensitive data, such as addresses, names, passwords, and credit card numbers. Many of our clients choose Nightfall as the first, automated response to data leakage events, yielding measurable time savings for their IT teams. Nightfall is an important building block to upholding your DLP policies and training users to avoid leaking data by accident.
Mobile device management
Mobile device management, commonly abbreviated MDM, is a form of endpoint security. An IT department or administrator deploys software that manages all mobile devices: laptops, smartphones, tablets, and IoT devices. MDM applications offer visibility to maintain the proper security configurations on devices that access an organization’s data. Encryption, geolocation, and remote wiping are common examples of MDM technology. Other MDM software mandates specific password criteria or determines which apps are allowed to run on an employee’s work device. In today’s remote work environment, MDM is critical for companies that offer a Bring Your Own Device (BYOD) option. Alternately, if your company issues devices to employees, you might choose to only allow sanctioned applications to run on these devices. Mobile device management is a critical set of tools that can prevent unauthorized access from an unsecured device.
Identity and access management
Identity and access management (IAM) is a set of processes and tools that allow companies to maintain fundamental information security practices. Ultimately, the goal of IAM is to establish one digital identity per individual – and then maintain, modify, and monitor that single identity through each user’s access lifecycle. Tools that fall under IAM include password managers, single sign-on, and multi-factor authentication. Admins will manage a directory with records of all user identities and the systems or resources to which they have access. The goal of IAM is to limit the risk of insider threat and to maintain control of who can view, modify, and share your sensitive information and applications. By integrating tools in these three categories, you can build a secure system that’s resilient against evolving threats. Learn more about Nightfall by scheduling a demo at the link below.