be-nz logo
Story image

For YOUR eyes only: Data loss prevention strategies

25 Jul 2016

It’s your job as the security professional at your company to prevent the loss of critical or sensitive data.

Your financial data is valuable to cyber-criminals. Your IP is valuable to competitors and spies. Your HR data, including salaries, is best kept secret. It’s not just good business… it’s the law. New Zealand’s Privacy Act (Principle 5, Storage and security of personal information) states that ‘An agency that holds personal information shall ensure that the information is protected, by such security safeguards as it is reasonable in the circumstances to take, against loss’. In other words, if you hold sensitive information, you’d better keep it safe.

But as networks get more complex and the attack surface expands, your job is not getting any easier. “Data loss prevention (DLP) is getting more attention, thanks in part to the Panama Papers data leak,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “This was a wake-up call to every business: protect what you hold or face the consequences…which are not pleasant.”

DLP: Applied across the entire network

DLP is a systems-based solution applied across the entire distributed network, including endpoints, local and distributed networks, data centres, cloud services, applications and web and e-mail services in order to prevent end users from sending sensitive or valuable information to unauthorised users and devices. An effective DLP strategy is also a valuable tool for IT administrators, enabling them to create, refine and enforce policy, gain broad visibility into data flow, filter data streams on the network and protect data at rest, in motion or in use.

Customers, employees, contractors, and business partners all want to access critical business data and network resources. “The number and kinds of devices used to access this data are expanding rapidly,” notes Khan, “from smartphones and tablets to personal laptops that are increasingly not controlled by IT. At the same time, critical data is being stored offsite on a variety of third-party platforms, something known in the industry as Shadow IT.”

“Traditional network perimeters are changing,” he continues. “Users expect to be able to access any information, from any location, at any time, using any device. But the imperative stays the same: you need to protect and preserve critical, sensitive or confidential data in the midst of a rapidly expanding environment where traditional security solutions are less and less relevant.”

Policy comes first

DLP is achieved through the coordination of many different components. The first, and most essential, is a strong policy and governance strategy. If you can describe and map it, you can protect it. Your security policy is the blueprint from which you can build your security fabric.

After a policy is in place, you can then enhance your network to discover, analyse and secure data. Using a combination of specific data management and control tools, content-aware security devices and solutions and the ability to leverage the services that already exist in your network, you can create a workable and manageable DLP profile.

An effective strategy

An effective data loss prevention strategy, therefore, needs to include:

1) Preparation and planning as you adopt new network technologies, strategies and devices

2) Designing and implementing collaborative and adaptive security as an integral part of your network architecture

3) Continuous assessment and automated response to threats as they occur

4) Implementing forensic tools that allow you to immediately trace an event to its source, identify compromised devices inside your network and optimise your environment to prevent future breaches.

“DLP isn’t a black hole or amorphous concept,” concludes Khan. “It’s a policy, tools and the resources to enforce. Done systematically, you can implement DLP without having to redesign your network. An additional appliance or upgrade here and a reconfiguration there and you should be able to fast track DLP implementation. At Fortinet, it’s one of our specialities. Give us a call and we’ll put you in touch with a local Partner who can help you keep your data ‘for your eyes only.”

For further information, please contact:

Andrew Khan, Senior Business Manager Email: M: 021 819 793

David Hills, Solutions Architect Email: M: 021 245 0437

Hugo Hutchinson, Business Development Manager Email: P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager Email:  M: 021 241 6946

Story image
SecOps opens new Cyber Defence Operations Centre in Auckland
Privacy Commissioner John Edwards officially opened the centre this week, recognising SecOps’ efforts to provide managed security services to New Zealand businesses.More
Story image
Fiverr launches platform to bring freelancers closer to business
Fiverr says it wanted to create an integration that could fit into an organisation’s workflow and become ‘part of the digital onboarding experience’ for employees, meaning freelancers can access email, Slack, Dropbox, and the Fiverr Business team account.More
Story image
Christchurch-based startup hits its stride with $600K seed funding
“We’re on a mission to give people back their time so they can spend it on things that matter, such as growing their businesses. Thanks to this investment round, we're going to be able to accomplish our mission much faster.”More
Story image
National Party announces $1.29 billion tech policy ahead of election
The policy, announced today, pledges to create 100,000 jobs in the industry by 2030 if the party is elected next month.More
Story image
Google & Lenovo launch first meeting room kits for Google Meet
Google Meet Series One meeting room kits are engineered for hybrid working environments, such as those in the office and in remote locationsMore
Story image
ServiceNow extends Microsoft partnership with new Teams functionality
Powered by ServiceNow’s digital workflow platform, the Now Platform, the new capabilities are also said to improve agent productivity by enabling them to more effectively collaborate and complete key tasks in Microsoft Teams.More