Information Classification and DLP

Protecting against Data Loss is a mult-facted endeavour

Have Lumen IT help you on this journey. It is not one that organisations should attempt alone.

Data Classification

Classification of structured data is a relatively straightforward process. Because structured data is stored in database or other fixed format contexts, rules can be applied that match typical formats of items such as PII and PCI: Credit Cards, Email addresses, Street Addresses, DOB, Drivers' Licenses, Passport numbers, and so on.

 

The classification process then allows the application of a sensitivity classification to be applied, which can then be enforced.

 

However, the true challenge comes when attempting to classify unstructured data.  It is often buried in formats that aren't so kind to simple pattern matching algorithms as seens for structured data. Not only is the structured content in unstrutctured documents sometimes irregular, imagine attempting to decide whether a 100-page report is:

  • Public Access

  • Internal Use Only

  • Confidential

  • Confidential Restricted

 

If we cannot correctly classify documents, how can we (accurately) decide how to protect them?

The solution is to take the classification task out of users hands.  Our recommendation is to apply Artificial Intelligence algorithms to your unstructured content, be that in O365 repositories (OneDrive, SharePoint, Teams) or in traditional file servers (on premise on in the cloud).

 

The AI works to generate an accuracy of 70-80% out of the box. 2 or 3 client subject matter experts per business domain then train the model, which improves accuracy typically to over 90%.

 

Once accurately classified, all data can then be protected from loss across the variety of exfiltration methods.

Data Loss Prevention

Not all data exfiltrated from an organisation is done via malicious intent. Users are often careless about over-sharing data, emailing the wrong content to the wrong recipient, or trying to find a productive workaround to meet a deadline.

 

During COVID, for example, workers copied data sets from corporate systems so that they could be productive when working from home. Home IT environments don't have the same cyber controls and data is easily leaked.

 

In the world of data exfiltration, there are three common exit points, The following section discusses each. The challenge is that not one single control system can cover all. They all need bespoke technology - however what is most important is to unify the potential breaches across all.

 

Email DLP

Emailing sensitive content to an external mailbox, presents a range of possibilities for exfiltration. Consider these use cases:

  • Sending internal material to a client or supplier. Worse, sending content to a prospective new employer or competitor

  • Accidentally including the wrong recipients on the To: or CC: fields of an email.

Endpoint DLP and Insider Threat

Copying files to USB-attached devices such as memory sticks or mobile phones provides an easy exit point for data to leave your organisation.

 

At an advanced level, employees departing organisations present a heightened risk and more advanced controls such as idenitfying use of hacking tools, and undertaking session recording can be a way of monitoring leavers.

 

Cloud DLP

Uploading files and documents to cloud-based applications such as DropBox or any of the O365 applications is a normal business practice.

 

However preventing the movement of the wrong files (the sensitive ones) is the key to a solid DLP implementation.

If any of this resonates with you, please reach out to us to discuss your requirements for managing your information classification and data loss programs.