Story image

For YOUR eyes only: Data loss prevention strategies

25 Jul 2016

It’s your job as the security professional at your company to prevent the loss of critical or sensitive data.

Your financial data is valuable to cyber-criminals. Your IP is valuable to competitors and spies. Your HR data, including salaries, is best kept secret. It’s not just good business… it’s the law. New Zealand’s Privacy Act (Principle 5, Storage and security of personal information) states that ‘An agency that holds personal information shall ensure that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss’. In other words, if you hold sensitive information, you’d better keep it safe.

But as networks get more complex and the attack surface expands, your job is not getting any easier. “Data loss prevention (DLP) is getting more attention, thanks in part to the Panama Papers data leak,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “This was a wake-up call to every business: protect what you hold or face the consequences…which are not pleasant.”

DLP: Applied across the entire network

DLP is a systems-based solution applied across the entire distributed network, including endpoints, local and distributed networks, data centres, cloud services, applications and web and e-mail services in order to prevent end users from sending sensitive or valuable information to unauthorised users and devices. An effective DLP strategy is also a valuable tool for IT administrators, enabling them to create, refine and enforce policy, gain broad visibility into data flow, filter data streams on the network and protect data at rest, in motion or in use.

Customers, employees, contractors, and business partners all want to access critical business data and network resources. “The number and kinds of devices used to access this data are expanding rapidly,” notes Khan, “from smartphones and tablets to personal laptops that are increasingly not controlled by IT. At the same time, critical data is being stored offsite on a variety of third-party platforms, something known in the industry as Shadow IT.”

“Traditional network perimeters are changing,” he continues. “Users expect to be able to access any information, from any location, at any time, using any device. But the imperative stays the same: you need to protect and preserve critical, sensitive or confidential data in the midst of a rapidly expanding environment where traditional security solutions are less and less relevant.”

Policy comes first

DLP is achieved through the coordination of many different components. The first, and most essential, is a strong policy and governance strategy. If you can describe and map it, you can protect it. Your security policy is the blueprint from which you can build your security fabric.

After a policy is in place, you can then enhance your network to discover, analyse and secure data. Using a combination of specific data management and control tools, content-aware security devices and solutions and the ability to leverage the services that already exist in your network, you can create a workable and manageable DLP profile.

An effective strategy

An effective data loss prevention strategy, therefore, needs to include:

1) Preparation and planning as you adopt new network technologies, strategies and devices

2) Designing and implementing collaborative and adaptive security as an integral part of your network architecture

3) Continuous assessment and automated response to threats as they occur

4) Implementing forensic tools that allow you to immediately trace an event to its source, identify compromised devices inside your network and optimise your environment to prevent future breaches.

“DLP isn’t a black hole or amorphous concept,” concludes Khan. “It’s a policy, tools and the resources to enforce. Done systematically, you can implement DLP without having to redesign your network. An additional appliance or upgrade here and a reconfiguration there and you should be able to fast track DLP implementation. At Fortinet, it’s one of our specialities. Give us a call and we’ll put you in touch with a local Partner who can help you keep your data ‘for your eyes only.”

For further information, please contact:

Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793

David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437

Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com  M: 021 241 6946

Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
VoiP new-comer upgraded and ready to take on NZ
UFONE is an Auckland-based VoIP provider that has just completed a massive upgrade of its back-end and is ready to take on the market.
Online attackers abusing Kiwis' generosity in wake of Chch tragedy
It doesn’t take some people long to abuse people’s kindness and generosity in a time of mourning.
Apple launches revamped iPad Air & iPad mini
Apple loves tinkering with its existing product lines and coming up with new ways to make things more powerful – and both the iPad Air and iPad mini seem to be no exception.
IntegrationWorks continues expansion with new Brisbane office
The company’s new office space at the Riverside Centre overlooks the Brisbane River and Storey Bridge.
Emerging tech helps savvy SMB’s succeed
A CompTIA report shows SMBs are taking on the challenge of emerging technologies to reach their business goals.
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.