There is a big difference between fighting a fire and deploying a fire prevention plan. When you are fighting a fire, damage is already done. Your goal is to limit the damage and then work on rebuilding what was burned. When you deploy a fire prevention plan, you look for and minimise vulnerabilities, and create policies that will reduce the probability of a fire ever taking hold.
You train your people and establish fire safety policies. Having an effective fire prevention plan reduces the probability that you will endure the risk and cost of an actual fire. Preventing is generally much less expensive than rebuilding. Preventing, however, takes some planning, forethought, and budget.
FireMon research at InfoSec Europe discovered that over half of IT security professionals spend most of their time fighting security fires rather than developing proactive plans and policies to block attacks. A good security plan requires thoughtful analysis of the threat landscape as well as an understanding of business risks, consequences and the cost of a breach.
Once an understanding of the landscape and risks are developed, policies need to be established and internalised by the corporate culture. Finally, technology must be researched and deployed to support the policies and reduce the threat landscape. All of this takes time, budget and support throughout the entire organisation, not just within the IT department.
Since much of IT security is based on preventing the loss of confidential data, Data Loss Prevention (DLP) technology is the most important asset to utilise. DLP is a rapidly growing market for many reasons. A few key trends include:
- An increase in cloud computing causing a lack of direct oversight and potential platform disconnects.
- The increased importance of business continuity requiring around-the-clock access to information.
- Rapid growth in cyber-crime requiring more time and attention spent on IT and data security.
- Growing volumes of data, this just means that there is more data that needs to be secured.
In addition to the obvious need to secure important data, there are also new regulations governing certain business sectors that require specific safeguards to be in place. The most prominent of these is the GDPR regulation which will come into force in May 2018. The need for compliance with security regulations, the potential for brand humiliation resulting from breaches, and the increasing cost of both corporate data theft and any subsequent fines are causing rapid growth in the DLP appliance market. In fact, the Data Loss Prevention market was valued at roughly £0.62billion in 2015 but is expected increase to £2.02billion by 2020.
A sound DLP policy requires a detailed analysis of root causes; sensitivity to privacy issues; analysis of the value and confidentiality of stored data; identification of who has access to data and an understanding of where data is going. Once this knowledge is acquired, security gaps are identified and breach-response procedures are developed. These complex issues cannot be addressed with technology alone, but deploying proper protective technology remains a critical step in a data protection policy.
Data Loss Prevention appliances that connect to network links can help set and enforce policies regarding what data can be accessed by whom, and where that data can go. Reports have shown that many businesses do not enforce access parameters to sensitive data.
DLP appliances can set authentication and access parameters so that only the employees with a certain job function are allowed to access that information. Further, the information may be restricted from being downloaded onto certain devices such as flash drives, smartphones and laptop computers. By reducing the number of people and devices with access to confidential data, you can greatly reduce the probability of that data falling into the wrong hands.
DLP appliances must connect to network links to see and control the flow of data. However, directly connecting these appliances to links may impact network availability. One of the best ways to connect in-line appliances without risking network performance is to use TAPs. TAPs are network access devices that provide the ports to connect security appliances and also provide by-pass switch technology to prevent a network outage if the appliance is taken out of service.
Cybercrime is a growing business. However, data protection is also a growing business. Proactively investing the time and budget to create a comprehensive security policy, including Data Loss Protection, is more important than ever. Fire prevention, while time-consuming, is much cheaper in the long run than rebuilding after a fire.