Data Loss Prevention – A Consultancy-led Approach for Nonprofits
Stricter General Data Protection Regulation (GDPR) guidelines and compliance around data protection pose a significant challenge and inhibit organisations and nonprofits from completely embracing cloud services. Controlling how data is used, stored, accessed and distributed is the only way to 100% guarantee compliance in this area, a near impossible task for any organisation. In the last 24 months however, advances in Data loss Prevention (DLP) tools now allow companies to protect sensitive information from falling into the wrong hands, a truly revolutionary solution to the question of data control.
DLP products work by monitoring occurrences that can lead to information leakages by using a defined set of rules and policies. Deployment strategies vary depending on the requirements of the business and can be broken down into three types:
- Network DLP tools are integrated with data transit points on the network and scan all content passing through the ports and protocols of the company. Through reporting, organisations can see what data is being used, who is sending it and where it is going.
- Suitable for Cloud Services, Storage DLP allows you to view confidential files stored and shared by your users and block and sensitive information to prevent leakage.
- Endpoint DLP is recommended for endpoint devices that are used for transporting files like PC/Laptops, USB drives and mobile devices. The solution allows the organisation to monitor and prevent the output of sensitive data.
However, according to supportIT CEO Joe McGivern, caution is advised ‘Companies often throw themselves into compliance projects product-first and this is an ill-advised approach. Because Data Loss Prevention is policy-led; the success of the implementation rests on the following:
a) the knowledge of the type of data held
b) what constitutes sensitive data and
c) processes around data storage, distribution and control.
SupportIt strongly advise a consultancy process at the start to inform the technology solution you choose and guide the deployment in terms of what policies and rules need to be set up.’
SupportIT currently recommends Endpoint Protector by CoSoSys for Endpoint Protector requirements. ‘They have just finished a successful deployment of Endpoint Protector by CoSoSys with one our compliance clients and it was a great benchmark for this type of project; it deployed relatively easy and it is now integrated into their business processes. Most importantly, their client is now fully confident that the data being transferred out of the organisation does not contain confidential information.’ Joe also recommends that clients review existing technology tools within the business to see if they already have DLP functionality,
Office365 has a Data Loss Prevention module within the main console in the security settings. Rules and policies can be set up against data loss parameters and organisations just need to contact their Office365 provider to ensure they have the correct licensing requirements in place.’
Data Loss Prevention is the next generation in data protection; organisations who embrace the change will reap the benefits of more control and a higher level of compliance in this area.