Integration of DLP Systems

DLP (Data Leak Prevention) is a comprehensive software product to prevent theft, modification and dissemination of confidential information. A DLP system monitors all the traffic within a protected corporate network. Integrating a DLP system makes it possible to control incoming and outgoing data flows and to block attempted unauthorized transfers of critical corporate data.

DLP systems are data-centric security solutions. They do not protect servers, software or networks, but control the security of data processed in the system. According to this approach, all information flows are divided into three categories:

Data-in-use – all the information that users work with (creating and editing documents, media content).

Data-at-rest – information that is physically stored on users' endpoints and in shared-access locations.

Data-in-motion – information flows being transferred (transactions, authorization information, server-client requests, etc.).

To achieve the greatest possible protection of information during DLP integration, you should follow all recommendations and use several security units at once. This will create a cost-effective and working protection circuit. DLP should be implemented in stages from preparation to the design and configuration of components for working under load.

Step 1. Preparation

At the first stage of DLP integration, it is important to outline preparatory procedures. The process of preparation includes:

  • Audit of information security state
  • Risk assessment
  • Developing a scheme for access differentiation
  • Settlement of legal issues.

An audit implies evaluating the actual level and state of data security. This stage is aimed at finding all possible data leakage channels and vulnerabilities in the IT ecosystem. As a rule, the preparation and integration of the system is handled by an expert from the company that develops the DLP system. An intermediary, a company that provides DLP integration services, can do this too.

The assessment of corporate information flows includes:

1. Evaluation of the security level when working with corporate internal documents.

2. Detailed analysis of company’s technical resources, from servers to network flows.

3. Creation of a list of data with restricted access.

4. Development of access rights differentiation rules.

5. Review and description of processing, creation, transferring and storing information within the company.

Risk assessment and development of access rights differentiation rules are obligatory steps in the integration phase of a cost-effective DLP system. Risks are assessed along with the analysis of potential leakage channels. The need to protect a leakage channel depends on the possible damage.

The contractor draws up a diagram or detailed description of corporate information flows and data processing methods. Next, the contractor and the experts of the company's IS department jointly develop the rules to differentiate access rights, that is, the set of rights that a system user receives depending on the position occupied. If the company does not have an IS department that deals with protection issues, the contractor shall agree on the rules with the authorized person of the company. In the development process, the regime of commercial secrecy and the rules for working with confidential information are taken into account.

As practice shows, generally, customers do not have a ready description of business processes, and the first stage of integration takes the majority of time.

The completion of the first stage is marked with the list of regulations without which further integration is impossible. The list includes documents with likely scenarios and channels of information leakage, data types with limited access, and a chart with the flows of restricted information. It also describes how users interact with technical components containing restricted information.

The documented features of the lifecycle of confidential information allow you to understand how to work with data flows and what systems need to be protected from unauthorized access or leakage.

When implementing a DLP system, apart from the principles of information protection, it is also necessary to adhere to legislative norms. The reinforcement of the rules for working with confidential information should not violate the personal rights of users, and it is advisable to refrain from any action which can be regarded as surveillance. In addition, it is necessary to implement mechanisms for monitoring the actions of system administrators who have access to all types of data.

In order to avoid dissatisfaction and resentment among employees, in the general information it is recommended to clearly indicate the objectives of implementing a DLP and to describe how the use of the information security system contributes to the financial prosperity of the company. It should be emphasized that the manager has the right to protect trade secrets, that computers and other equipment an employee is provided with are the property of the company, and that any systems can be used to protect this property.

Step 2. Choosing DLP

A competent choice of a DLP system requires a preliminary analysis of the value of the data that needs protecting. The protection system should be cost-effective. Thus, the cost of probable financial damage from information leakage should not exceed the cost of integration and operation of a DLP system.

After the first step, the contractor clearly understands the functions the security system should perform. It is better to specify not only the maximum price of the system with required options, but also the cost of installation, configuration, testing and technical support.

When choosing a DLP solution, you should find out from the developer:

  • The complexity of the system installation and maintenance. It is important to consider the availability of the necessary software envelopes for working with databases and the availability of professionals who can service the software: perform backups, restores, updates and other operations.
  • Interaction patterns with the existing computer system in the company. DLP should not burden the existing computational processes.
  • Skills of IS professionals and analysts required to provide data leak protection.

If the DLP system selected or recommended by the developer does not fit the customer's budget, you can opt for simpler system versions. For example, Channel DLP systems block transmission channels without analyzing the content or come with a limited set of analysis techniques.
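The difference between blocking a channel and analyzing content can be seen by running both kinds of check over the same transfers. The following is an added example, not code from any DLP product; the blocked channel, the "CONFIDENTIAL" marker, the card-number rule and the sample transfers are all constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Transfer:
    user: str
    channel: str   # "email", "usb", "web_upload"
    payload: str   # text extracted from the transferred object

# Hypothetical policy, standing in for the documents produced in Step 1.
BLOCKED_CHANNELS = {"usb"}
MARKER = re.compile(r"\bCONFIDENTIAL\b", re.I)
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Checksum test that filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def channel_dlp(t: Transfer) -> str:
    """Channel DLP: the verdict depends only on the channel, never the payload."""
    return "block" if t.channel in BLOCKED_CHANNELS else "allow"

def content_dlp(t: Transfer) -> str:
    """Content-aware DLP: the verdict depends on restricted data in the payload."""
    if MARKER.search(t.payload):
        return "block"
    for m in CARD.finditer(t.payload):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "block"
    return "allow"

# Constructed sample transfers (not real data).
EVENTS = [
    Transfer("alice", "usb", "Lunch menu for Friday"),
    Transfer("bob", "email", "Attached: CONFIDENTIAL supplier price list"),
    Transfer("carol", "web_upload", "Card 4111 1111 1111 1111 exp 12/30"),
    Transfer("dave", "email", "Order ref 1234 5678 9012 3456 shipped"),
]

def compare(events):
    """Return (user, channel verdict, content verdict) for each transfer."""
    return [(e.user, channel_dlp(e), content_dlp(e)) for e in events]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print(*row)
```

The channel-only check stops the harmless USB copy and lets both restricted payloads leave over permitted channels, while the content check does the opposite and ignores the order reference that merely looks like a card number.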

Step 3. Designing DLP

The basic parameters of the architecture related to technical channels and information processes of the company are delineated during the initial integration of a DLP system. The design stage involves a more detailed review of the existing infrastructure with particular attention to the protected channels. This requirement is mandatory and minimizes malfunctions during installation and initial operation.

Establishing the proper interaction scheme of the protection module and all servers, databases and proxy requires the involvement of technical experts in the installation process.

Step 4. Installing and configuring DLP

There is no single algorithm to configure DLP systems, as the most efficient approach is to constantly support and fine-tune them throughout their life.

It is important to install the system in such a way that delegating the access rights of one user to another is easy. It is also necessary to create a set of functions for further expansion of the company's technical support system without disrupting the integrity of DLP products.

In fact, configuring a DLP system means testing the installed components of the protection module under real load. First, it is necessary to check whether the server requests are processed correctly. The same applies to user access rights differentiation.

The integration of a DLP system will be an optimal decision for companies that make data security a business priority. Successful DLP integration will allow you to monitor all data flows, as well as to identify and eliminate security threats in time.