DP & DLP
In the security field, the number of threats and the risks of identity or information theft affecting individuals and companies respectively have been increasing. As a result, data protection has become a greater issue than ever, especially in view of the implementation of the new European General Data Protection Regulation 2016/679 (“GDPR”).
Many common mechanisms are available for protecting computers from malicious actions and internal attacks. The most popular are firewalls, anti-virus, anti-spam, anti-malware, intrusion prevention systems (IPS) and network access control (NAC).
Firewalls, for instance, restrict outsiders’ access to the internal network; similarly, an intrusion detection system detects intrusion attempts by outsiders. Internal attacks, on the other hand, can be avoided by antivirus scans, which are able to detect, for example, Trojan software installed on PCs with the aim of sending private information from those PCs, and by anti-malware systems, which are used to prevent data loss due to malicious software.
Along with the classic protection systems aimed at preventing attacks from outside, there is also a growing need for systems that are able to prevent information leaks from business systems: the so-called Data Loss Protection systems.
Data Loss Prevention (DLP)
Dedicated DLP solutions are used to identify and prevent unauthorized attempts to copy or send sensitive data, whether intentional or unintentional, especially by personnel who have been given access permissions and privileges to confidential information. These solutions use different methods to classify sensitive information. Such methods include the exact match of certain data (static methods) and the use of keywords that “tag” files as data to be protected according to suitable security policies. The subsequent action is typically to block the copying or transmission of the data.
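The following Python example, added here and not taken from the original article or from any DLP product, applies the two classification methods described above (exact match against an index of known values, and keyword tags mapped to a policy) to outgoing text and returns the resulting action. The fingerprint key, sample values, keyword tags, policy table and the intermediate "warn" action are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample configuration; none of these values come from the article.
FINGERPRINT_KEY = b"constructed-demo-key"
KNOWN_SENSITIVE = ["4111 1111 1111 1111", "IT60X0542811101000000123456"]
KEYWORD_TAGS = {"confidential": "restricted", "internal only": "internal"}
POLICY = {"exact_match": "block", "restricted": "block", "internal": "warn"}
SEVERITY = ["allow", "warn", "block"]  # ordered from least to most severe

def normalize(value: str) -> str:
    """Drop whitespace, hyphens and case so reformatted copies still match."""
    return re.sub(r"[\s\-]", "", value).lower()

def fingerprint(value: str) -> str:
    """Keyed hash, so the index never stores the sensitive value itself."""
    data = normalize(value).encode()
    return hmac.new(FINGERPRINT_KEY, data, hashlib.sha256).hexdigest()

# Exact-match index: (normalized length, fingerprint) of each protected value.
INDEX = {(len(normalize(v)), fingerprint(v)) for v in KNOWN_SENSITIVE}

def exact_match(text: str) -> bool:
    """Hash every window of each indexed length and look it up in the index."""
    flat = normalize(text)
    for n in {length for length, _ in INDEX}:
        for i in range(len(flat) - n + 1):
            if (n, fingerprint(flat[i:i + n])) in INDEX:
                return True
    return False

def classify(text: str) -> set:
    """Return the labels that apply to the text under both methods."""
    labels = {"exact_match"} if exact_match(text) else set()
    lowered = text.lower()
    labels.update(tag for kw, tag in KEYWORD_TAGS.items() if kw in lowered)
    return labels

def decide(text: str) -> str:
    """Apply the policy: the most severe action among all labels wins."""
    actions = [POLICY[label] for label in classify(text)]
    return max(actions, key=SEVERITY.index, default="allow")

if __name__ == "__main__":
    for msg in ["Pay with card 4111-1111-1111-1111", "Lunch menu for Friday"]:
        print(decide(msg), "<-", msg)
```

Because values are normalized before hashing, a card number typed with hyphens instead of spaces is still caught, while a plain keyword list alone would miss it.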
There are both network DLP hardware devices and endpoint DLP systems running on end-users’ workstations or on the company’s servers. Like network-based systems, endpoint systems are able to monitor the information flow between groups or types of users. They can also monitor e-mail communications before they are stored in the company’s archive, so that a communication can be blocked, as well as access to physical devices (for example, mobile devices capable of storing data, such as smartphones, tablets, pen drives or external hard disks) and, in some cases, they can get access to information before it is encrypted. Endpoint systems can also provide application monitoring in order to block activities that attempt to send confidential information, and give the user immediate feedback through a suitable warning message.