IT security breaches are inevitable, losing data is not

Data Loss Prevention (DLP) is a tough area for CISOs to get right - any data breach can be costly for both the organisation and the individual.  

The traditional approach to DLP is driven by a compliance agenda: find the data, classify it, then write policies - however, just because an audit results in a DLP compliance ‘ticked box’, it doesn’t necessarily follow that data is therefore safe.  Most organisations still experience a number of challenges with their DLP strategy:

  • How do we know where our data is going and what is being done with it?
  • How do we know where our critical data is located?
  • How can we have confidence in the cloud without being able to safely migrate & control the data?
  • How do we classify then control data as quickly and as simply as possible?
  • How can we guarantee continuous DLP compliance?

The end-goal of most targeted cyber attacks is to steal data and intellectual property for financial gain and it has become big business for bad guys everywhere.  According to the Ponemon Institute report, the average total cost of a data breach to a UK organisation in 2016 is $3.95 million – if you couple that figure with the fact that the Government released a study in May 2016 reporting that two-thirds of large UK businesses have been hit by a cyber breach or attack in the last 12 months, then it paints an extremely worrying picture and highlights why data security consistently remains a “top-3” priority for organisations.

If you, like us, feel it’s fair to assume that most large organisations will have some sort of DLP strategy in place, then the only logical conclusion to the above statistics must be that the traditional data loss prevention solutions are drastically failing to protect sensitive data from leaving organisations.

Our partner in the DLP space, Digital Guardian, are new to the UK and have created a solution that completely turns the traditional compliance mindset towards data governance on its head.  Their key to helping organisations build effective DLP strategies is to provide full visibility over the movement of data, which therefore enables organisations’ to:

 

Quickly identify ‘normal’ user behaviour and therefore write policies and define triggers around what ‘unusual’ behaviour looks like

 

Prove the data is safe, with a clear auditable trail around its movement throughout the organisation.

 

Prevent (disgruntled) staff from the unauthorised removal of valuable organisation data

Provide reporting around IT application usage, giving enhanced visibility and often enabling an organisation to be more effective in ‘right-sizing’ software licensing costs

 

Clearly demonstrate a change of user behaviour towards protecting data

Consolidate the visibility of data activity and provide granular reporting to enable policies to consistently be challenged and reviewed by the organisation

VectisNET would love to speak to you around helping to build an effective DLP strategy and we’ll happily organise a product evaluation following an initial discussion around some of the key challenges you are facing. 

Digital Guardian is available either as a standalone product sale, as an on-site or off-site hosted managed service, or as a consultancy piece to deliver a visibility study – incidentally, the quickest sale the vendor has recorded between initial meeting and receipt of order was just 5 working days…their story is extremely compelling.

For the final words on our data loss prevention solution…

  • If you can see all data events, then you can also see all DLP threats
  • An integration with SIEM technologies means the ability to add valuable context and insight around events & alerts
  • Being able to provide evidence of data movement delivers confidence around enforcing a DLP strategy
  • If you can clearly see all threats then you can effective manage a DLP strategy to fully protect your data 

Contact VectisNET today to discuss DLP further, we look forward to hearing from you.