Implementation of DLP systems
A DLP (Data Leak Prevention) system is a complex software product whose purpose is to prevent the theft, modification and dissemination of confidential information. A DLP system works by analyzing all traffic within the protected corporate network. Implementing one helps to control incoming and outgoing data flows and to block attempts at unauthorized transfer of important corporate data.
DLP works according to the data-centric security principle: the focus is not on protecting servers, software or networks, but on controlling the security of the data that is processed in the system. Under this principle, all information flows are divided into three categories:
- Data-in-use - all information that users work with (creating and editing documents, media content).
- Data-at-rest - information that is statically stored on users' end devices and in publicly accessible locations.
- Data-in-motion - information streams in transit (transactions, authorization information, server-client requests, and others).
To get the maximum possible protection from a DLP implementation, follow all the recommendations and use several protection blocks at once. This creates a cost-effective, working protective perimeter. The implementation should be carried out in stages, from preparation through design to configuring the components to work under load in the company.
Step 1. Preparation
At the first stage of DLP implementation, it is important to carry out preparatory procedures. The process of preparing a company for the installation of a security system includes:
- information security audit;
- risk assessment;
- creation of a data access control scheme;
- settlement of legal issues.
An audit assesses the real degree of information protection. This part of the preparation is a search for all possible data leakage channels and vulnerabilities in the IT “ecosystem”. As a rule, a specialist from the company that produces the DLP system accompanies the preparation and implementation, although an intermediary - a company that provides DLP integration services - can also act in this role.
In any case, a survey of the company's information flows includes:
1. Assessment of the level of security when working with internal documents of the company.
2. Detailed study of all technical resources of the company, from servers to network streams.
3. Creation of a list of data that belong to a group of information with limited access.
4. Development of access control rules.
5. Study and description of the processes of processing, creation, transfer and storage of information within the company.
Risk assessment and the creation of access control rules are mandatory steps in implementing a cost-effective DLP system. The risks are assessed together with the investigation of potential leakage channels. Depending on the probable damage, a decision is made on whether a given leakage channel needs to be protected.
The contractor draws up a diagram or a detailed description of the company's information flows and data processing methods. The contractor and the specialists of the company's information security department then jointly create access control rules - a set of rights that a system user receives depending on the position held. If the organization does not have an information security department, the contractor agrees the access control rules with an authorized person of the company. The trade secret regime and the regulations for working with confidential information are taken into account when the rules are created.
Most often, as practice shows, customers do not have a pre-prepared description of business processes, so the first stage of implementing a DLP system takes the most time.
The first stage is complete when the list of normative documents is ready; without these documents, further implementation of the system is impossible. The list includes documents that contain the likely scenarios and channels of information leakage; an enumeration of the types of data with limited access; a scheme of the information flows to which access is limited; and a description of how users and technical components interact with restricted information.
The documented features of the life cycle of confidential information in the company make it possible to understand how work with data streams takes place and which systems are necessary to protect them from unauthorized access or leakage.
When implementing a DLP system, it is important to adhere not only to the principles of information protection, but also to legal norms. Monitoring compliance with the rules for working with confidential information should not violate the personal rights of users, so actions that can be regarded as surveillance should be avoided. Additionally, it is worth providing control mechanisms for system administrators who have access to all types of data.
To avoid dissatisfaction and indignation in the team, it is recommended that the general information about the operation of the system clearly state the goals of implementing DLP control and how the information security system contributes to the financial well-being of the company. It should be emphasized separately that the head of the company has the right to protect the organization's trade secrets, that computers and other equipment provided to the employee are the property of the company, and that any protection system can be used to protect that property.
Step 2. DLP selection
Choosing the right DLP system requires a preliminary analysis of the value of the data that needs to be protected. Protection should be economically beneficial. In other words, the cost of implementing and operating a DLP system should not exceed the possible financial damage from information leakage.
After completing the first step of implementing a DLP system, the contractor has a clear idea of what functions the protection system should perform. Agree in advance not only on the maximum price of the system itself in the required configuration, but also on the cost of installation, configuration, testing and technical support.
When choosing a DLP solution, it is worth asking the developer about:
- Complexity of installation and system support. It is important to take into account the availability of the necessary software tools for working with databases and of specialists who are able to maintain the software: perform backup, restore, update and other operations.
- Scenarios of interaction with the existing computer system in the company. DLP should not overload existing computing processes.
- The skills that cybersecurity specialists and analysts will need to fulfill their data breach prevention duties.
If the DLP system chosen or recommended by the developer does not fit the customer's budget, you can choose a simplified version of the system: for example, systems of the Channel DLP class, which block information transmission channels without content analysis, or systems supplied with a limited set of analysis functions.
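The difference between a Channel DLP verdict and a content-aware verdict, as an added example that is not part of the original page or of any DLP product. The blocked channels, the "confidential" marker, the card-number check and the sample events are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Event:            # one outbound transfer, as a DLP agent might see it
    user: str
    channel: str
    payload: str

# Assumed policy values: channels closed outright, and a document marker
# standing in for the restricted-data list drawn up in Step 1.
BLOCKED_CHANNELS = {"usb", "webmail"}
MARKER_RE = re.compile(r"\bconfidential\b", re.IGNORECASE)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_restricted_content(text: str) -> bool:
    if MARKER_RE.search(text):
        return True
    cards = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return any(luhn_ok(c) for c in cards)

def channel_dlp(ev: Event) -> str:
    """Channel DLP: the verdict depends on the channel only."""
    return "block" if ev.channel in BLOCKED_CHANNELS else "allow"

def content_dlp(ev: Event) -> str:
    """Content-aware DLP: the verdict depends on what is being sent."""
    return "block" if has_restricted_content(ev.payload) else "allow"

# Constructed sample events (not real data).
EVENTS = [
    Event("anna", "usb", "Lunch menu for Friday"),
    Event("boris", "corp_mail", "Card 4111 1111 1111 1111 for the refund"),
    Event("olga", "webmail", "CONFIDENTIAL: Q3 price list attached"),
    Event("ivan", "corp_mail", "Order 1234 5678 9012 3456 shipped"),
]

def compare(events):
    """Return (user, channel verdict, content verdict) for each event."""
    return [(e.user, channel_dlp(e), content_dlp(e)) for e in events]
```

The channel-only policy stops a harmless file on a closed channel and lets a card number through corporate mail, which is the trade-off accepted when the simplified class is chosen for budget reasons.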
Step 3. System design
The main parameters of the architecture of technical channels and information processes of the company are outlined at the first stage of the DLP system implementation. During the design phase, a more detailed survey of the existing infrastructure takes place, with an emphasis on the channels selected for protection. This requirement is mandatory and minimizes malfunctions or disruptions during installation and initial operation.
To create the correct scheme of interaction between the protection module and all servers, databases and proxies, technical specialists of the customer company are involved in the DLP installation process.
Step 4. Install and configure DLP
There is no single algorithm of actions for configuring DLP: a more effective approach is to support the operation of the system continuously and to keep fine-tuning its configuration throughout the entire period of use.
It is important to set up the system so that, if necessary, access rights can be delegated from one user to another without problems. You should also provide a set of functions for the possible expansion of the company's technical support system without violating the integrity of DLP products.
DLP configuration is, in fact, checking the operation and testing of the installed components of the protection module under real load. First of all, it is necessary to check the correctness of processing server requests and the principles of access control.
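The position-based access control rules from Step 1, together with the delegation requirement above, can be expressed as data and checked before the system goes under load. The following is an added example, not code from the original page or from any DLP product; the positions, data categories, user names and the expiry date on delegations are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Assumed rule set (hypothetical positions and categories):
# position -> restricted data category -> permitted actions.
RULES = {
    "accountant": {"financial_reports": {"read", "edit"}},
    "hr_manager": {"personnel_files": {"read", "edit"}},
    "sales_rep": {"price_lists": {"read"}},
}

@dataclass
class Delegation:
    from_user: str
    to_user: str
    category: str
    expires: date

@dataclass
class AccessPolicy:
    positions: dict                      # user -> position held
    delegations: list = field(default_factory=list)

    def own_rights(self, user, category):
        return RULES.get(self.positions.get(user), {}).get(category, set())

    def delegate(self, from_user, to_user, category, expires):
        # A user can hand over only rights granted by their own position,
        # so delegated rights cannot be passed on a second time.
        if not self.own_rights(from_user, category):
            raise PermissionError(f"{from_user} holds no rights on {category}")
        self.delegations.append(Delegation(from_user, to_user, category, expires))

    def is_allowed(self, user, category, action, today):
        if action in self.own_rights(user, category):
            return True
        # Delegated rights end at expiry and never exceed the delegator's.
        return any(
            d.to_user == user and d.category == category and today <= d.expires
            and action in self.own_rights(d.from_user, category)
            for d in self.delegations
        )

def build_sample_policy():
    # Constructed sample users and one time-limited delegation.
    policy = AccessPolicy({"anna": "accountant", "boris": "sales_rep", "olga": "hr_manager"})
    policy.delegate("anna", "boris", "financial_reports", date(2024, 6, 30))
    return policy
```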
For a company where data security is one of the business priorities, DLP implementation is the best choice. Successful DLP integration will allow you to control all information flows and to identify and eliminate security threats in a timely manner.