数据丢失预防(DLP) is a strategy put in place by security organizations that prevents the leaking 和 potentially malicious exfiltration of secure data. 根据信息系统审计与控制协会(ISACA), implementing a robust DLP solution is crucial for detecting 和 preventing unauthorized 数据泄漏 和共享,从而保护敏感信息.
The organization goes on to say that it’s important to know locations where data exists, along with an indication of the functional areas of where to implement or enhance applicable security 和 privacy controls.
DLP is important for many reasons, not the least of which is the company’s bottom line. Stakeholders 和/or shareholders have a vested financial interest in not seeing critical company data stolen 和 either held for 赎金 (which will cost a lot of money) or forever affect the reputation of the business (resulting in erosion of customer trust 和 a lot of money lost over a very short period of time).
阻止攻击者破坏系统或网络说起来容易做起来难, 尤其是在这个时代 云安全 和操作. An effective DLP solution solves for two primary types of offenders: internal 和 external. 恶意行为者当然也是企业的雇员, 但通常情况下,当内部罪犯是数据泄露的来源时, 它不知不觉地发生在那个源的一部分.
这些天, pretty much everyone underst和s that sensitive information is transmitted through the cloud 和 back again many, 很多次. 这就是我们今天的生活方式. 通常, 虽然, 我们不了解数据是如何在组织中传输或以其他方式使用的.
另外, these organizations may be unaware of certain communication or workflow trends that could put an organization at unnecessary risk. 例如, a business’ finance department might engage in a workflow whereby they transmit incredibly sensitive data through public communication channels like email or instant messaging.
External offenders typically know exactly what they’re doing: trying to break through the defenses of your company’s security organization 和 steal sensitive data 和 – as previously mentioned – hold it for 赎金 或者把它卖给出价最高的人 黑暗的网络.
主要原因如下, it’s critical a DLP solution is able to detect when 和 where data is leaving 和 entering networks 和 help analysts prioritize protecting data that may be more sensitive than other data.
Let's take a look at some of the top reasons data at rest or in transit might "leak" off of endpoints, 系统, 和网络,落入坏人之手.
The benefits of a DLP solution are clear 和 add up to the ability to better secure data from inadvertent exposure 和 theft. 让我们来分析一些关键的好处,以及它们是如何具体影响网络的.
The ability to monit或网络 endpoint devices 和 analyze traffic 和 interactions for suspicious activity will accelerate visibility of an overall environment 和 improve security posture. Monitoring a network for data loss can also help to eliminate previously unseen blindspots – internally 和 among devices connecting to a network – that were just waiting to be exploited.
身份和访问管理(IAM) 对于DLP解决方案至关重要 网络安全 在一般情况下. IAM helps to ensure the right people are accessing the right endpoints 或网络 系统. 通过在关键系统和端点上建立IAM策略, 网络边界变得更难攻破, 这反过来又能帮助企业保持下去 合规 具有内部和外部监管标准.
数据分类应该尽可能简单和直接. 让我们来看一个分层结构的例子:
基于这种分类, 很明显,在错误的级别存储错误的数据, 或分类, 可能有潜在的灾难性影响. If there is a situation where data of different classification levels must reside on the same server, intermixed data should be labeled 和 classified using the highest classification rating 和 thus protected accordingly. 自动化这个过程也将有助于确保它的效率和速度.
Implementing best practices for a DLP solution will help to calibrate it to a specific environment. 根据ISACA, there are many best practices that will help to ensure a DLP strategy is deployed successfully:
人
管理
部署
IT-restrictive控制
产品选择