THE IT SECURITY PROFESSIONAL
Barlowtek
Helping Organizations Understand IT Security & Best Practices
Data Loss Prevention (DLP) may be one of the most misunderstood areas of IT Security. Deploying a DLP solution can help to protect a company from unintended data leakage. A DLP solution should be used in conjunction with other processes in order to develop a robust security plan for the business. Having a solution in place may help in determining where important or sensitive data within your organization may need to be better secured.
Developing a Plan
One of the most important aspects of determining if a DLP solution is right for your organization is developing an overall plan for how it will be used and what type of data will be protected or monitored. This is important to have in place prior to actually going with a solution. The plan will outline the requirements you are looking for as well as any specific requirements from stakeholders.
In the initial phase, it is also going to be important to conduct a risk assessment for the types of data that may be managed by the company. Determining what sort of information is considered sensitive or restricted may help in determining the type of solution, and what sort of settings and configurations may be needed. This is also critical to develop if the organization has never implemented a solution previously or may be asked to do so by a customer or client for regulatory purposes.
Choosing a Solution
The hardest aspect of implementing a DLP solution is actually choosing the solution that is right for your business. The biggest issue that companies will face will be whether all of the specific environments within the organization are going to be protected. As businesses continue to adopt cloud computing and develop applications or services, making sure these are protected by the DLP solution will be important to address. Some of these areas may include:
Data Movement
An additional area that the company will need to determine is how it will address the movement of sensitive data throughout the organization. The following states are the most common that will need to be addressed:
Solution Implementation
Once the solution has been decided on and purchased, it is time to implement it within the network infrastructure. The DLP solution will usually monitor network traffic in one of two states: the first is a passive mode, and the second is an active mode. Each of these has its benefits and will be used in the deployment and monitoring process after the initial setup and configuration has been completed.
Passive Mode
When deploying a DLP solution, it is going to be important to understand how much of the data going over the network will trigger alerts. For many businesses, this is a HUGE unknown. In the initial setup phase, it will be critical to monitor the types of alerts that will be triggered and the types of data that the DLP will be protecting for the company. With the passive mode enabled, the technical team will only be monitoring the types of alerts that they are getting. During this time no action will be taken (meaning that the emails or the information will still get through as they normally would), but the technical staff will now have information as to who leaked data and when it happened, along with what was leaked. This is meant to enable management and the technical staff to follow up with the employee to address the issue.
Active Mode
Once the initial monitoring has happened and it has been determined that the solution is ready, the DLP solution can be transitioned to the active mode. This transition in most instances happens with little to no notice by employees of the company. Additionally, determining at what level the active monitoring will operate allows the technical staff to dial in to the specific requirements they are looking for. DLP solutions are meant to prevent leakage of sensitive or restricted data, but the business still needs to function as well. So developing roles within the solution will be important, as the various members of the organization will have different requirements based on their job functions. Setting those roles and exceptions to the rules will be one of the key areas that should be addressed in the setup phase of the DLP deployment.
Areas of Concern
When deploying a DLP solution it is important to remember that all of the data going over the network or through the email server will be subject to inspection. This may slow down that traffic as each and every email is monitored based on the requirements that have been set for the solution. In addition, email attachments and images may also be inspected for potential data leakage. Depending on the size of your organization, there may be some network or traffic degradation and emails may take longer to get through (especially if you are inspecting both incoming and outgoing responses), which may cause issues with customers or clients. Knowing that there is a potential impact to the business, it may be important to dial up the monitoring or restrictions over time instead of all at once.
Summary
While an integrated DLP solution will make a lot of sense to many businesses, it is important to remember that the setup and configuration of the solution will take time to develop. Deploying a solution overnight and putting restrictions on data content and traffic may affect the organization in ways that may be unintended. The DLP monitoring creates documentation that management or the IT Security staff may follow up on to address the leakage of sensitive data out of the company. While a standalone application or appliance may suit some businesses, there are some business applications that also have DLP settings that can be enabled that will address some of these issues as well. It comes down to finding the right solution that will fit the needs and the requirements of the business, and ultimately, in the long run, protecting the sensitive information that the company is expected to protect.
There is a growing concern about the increasing number of attacks targeting healthcare service providers and hospitals across the country. Whether it is a regional or national health system, or an area hospital with only a small number of facilities, these organizations are continuing to be targeted by attackers, who are looking to take advantage of their lack of security.
Ransomware Attacks
The current method of compromise is targeting an organization with phishing emails and then infecting systems with ransomware. Once this is accomplished, it is simply a matter of waiting for the ransom to be paid before the data is unencrypted. With the increasing number of successful attacks taking place, it is no wonder that attackers are taking advantage of this environment. The attackers are being paid because the healthcare providers do not want word to get out about the compromise of their systems. It’s easier for a company to just pay the attacker and get back to work than to do all of the forensics that are needed in order to track down what happened. In most cases, the latter part happens after the fact. While the healthcare provider just wants to get things back to normal as quickly as possible, doing so quickly after an attack can cause a loss of potentially valuable forensic data that could be used in a court case, if one is ever brought against an attacker.
Soft Targets
One of the reasons that healthcare providers are targeted is that they are a soft target for attackers. The healthcare industry in recent years has been going through its own technology revolution. This increase in technology has also provided more ways for potential attackers to compromise their networks, whether through the increased number of new technologies being used or the patching together of old network systems. Additionally, the lack of IT Security Professionals in the industry has only recently begun to be addressed. Some organizations have been doing this rapidly, but others continue to lag behind. Without a dedicated staff to address security issues within the organization, they will have a lapse in the effectiveness of their security controls. Most healthcare providers are still trying to solve security issues with Network Admins or Engineers.
Valuable Data
The reason that healthcare providers are going to continue to be targeted for potential attacks is that the information that they have is valuable to an attacker. The information that is contained on the hospital network may provide the following information:
Prevention of Attacks
No matter what preventative measures you put into place, if an attacker wants to get into your computer network, they will. The goal is to make it too costly for them to do so. There are a number of strategies to accomplish this:
Note: The above list was in no particular order, but was a list of areas that organizations should focus on in order to prevent potential attacks. The organization will have to make an effort to shore up its defenses in order to meet this continuing threat. The attackers are continuing to adapt to the improved security measures, but making sure that those measures are actively managed and supported by leadership is going to be important for them to be effective in the long term.
Summary
While the outlook for the foreseeable future is one where we continue to see healthcare organizations being targeted by attackers, the hope is that the industry will take additional steps to harden its networks and infrastructure in order to prevent these threats. That’s easier said than done though. Healthcare providers will need to invest in a more robust security posture than the one they have at the moment. These organizations will continue to be prime targets for ransomware attacks because when attacks occur at a hospital, you are dealing with someone’s life. The lack of data or the wrong information can cause the loss of a patient's life. This is why it is critical that healthcare providers take seriously the threats posed by attackers against their networks.
With the growing amount of oversight provided by various governmental agencies both in the US and in Europe, we are seeing an increase in the scope of compliance requirements that a business has to meet. Whether it is in healthcare or finance, all organizations process and utilize information in various ways, but it is becoming more important to the end consumer or user that the data is protected from possible threats.
Compliance Landscape
IT Security has become a field where we are dealing with a compliance landscape that not only crosses state and provincial lines, but international borders as well. In addition, with the increase in global commerce, businesses that were dealing with local regulations are now finding themselves dealing with international regulatory agencies that can levy severe fines against them. This is especially true in the US in the State of California, where they continue to pass progressive legislation that penalizes data processors or users if they experience a breach or, in the case of California’s laws, for the particular way they use the data. This has caused quite a patchwork of laws and regulations to emerge in the technical space, as the various jurisdictions respond to their constituents’ calls for more regulation.
Vulnerabilities Abound
In addition to the regulations that seem to pop up overnight in some instances, there continue to be emerging vulnerabilities that provide a robust threat landscape from which data can be acquired. The regulations aim at addressing these issues and at the same time helping the public protect their data. No matter the reason, threats and attacks can come from any direction, or happen at any time. Where the regulations seem to help is by making sure that companies are actively doing the right thing by employing industry best practices. Businesses have issues with the following areas:
Sensitive Information
The key reason that the majority of regulations have been developed is the need to protect sensitive information. Whether this is PII (Personally Identifiable Information) or credit card data, there has been a growing need to have this information more regulated than it is currently. This is especially true since the information provided in these circumstances can have such a huge impact on the end consumer. As IT Security Professionals, it is our responsibility to help to protect this data as much as possible. Additional regulations are also taking into consideration the individual employees of organizations that have a responsibility for protecting the information as well, holding them individually responsible or criminally negligent if there happens to be a breach and they are found to have been negligent in the work they were responsible for. This additional scope of these new laws can put a company’s technical staff squarely in the cross-hairs of their regulatory agencies.
Summary
In recent months, it has come out that large technology firms are selling individuals’ information without their knowledge or consent and then profiting from that data. This in turn has caused a flurry of talk in Washington D.C. on Capitol Hill about how best to regulate these industries. Whether it is through the local governments or through national or international regulatory agencies, more regulations are coming. For a business that processes or stores sensitive data, it can mean handling the information differently than it has been. Nevertheless, addressing all of the shortfalls will go a long way in securing the company’s and your customers’ data. This can lead not only to cost savings overall, but also help to reduce any potential fines as well.
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.