Data Loss Prevention

Whether it’s to protect sensitive data or safeguard intellectual property, putting DLP best practices in place helps organizations maintain visibility and control of their data. People, processes, and technology all play a key role in how data loss prevention activities are applied across the organization.

To minimize the risk of a data breach, everyone – from board members down to individual employees – has a responsibility to protect data within an organization. With clearly defined processes in place, data is protected while in use, in motion and at rest. While DLP software solutions monitor and consistently enforce policies across the network, at endpoints, and in the cloud.

The DLP solution from Clearswift provides much more than just stop and block functionality. It minimizes the risk of accidental data loss, data exfiltration, and cyber-attacks, to keep sensitive and valuable data safe, while reducing impact on day-to-day operations. It does this by intelligently inspecting structured and unstructured data within email messages, files transferred to and from the web or cloud, and at endpoints, making sure the appropriate security policy is always automatically applied.

The solution understands both content and context and adapts its behavior accordingly. Policies can be set so that certain individuals, teams, or departments have more flexibility than others. For example:

• The CEO is authorized to send sensitive data to the CFO, so the data is automatically encrypted to protect it while in motion.
• When the HR team sends sensitive data to an unknown third party, the solution recognizes that this could be an unauthorized transfer. But rather than block the communication, it automatically removes the sensitive data from the message, allowing a safe version to continue unhindered.
• The user is alerted to the fact that a policy violation occurred, but business is not interrupted. This significantly reduces the numbers of false positives that occur and removes any risk.

This automated process is made possible by a unique technology called adaptive redaction.

Adaptive Redaction technology sets Clearwift apart from other vendors. It occurs during the content inspection process, when in real time, a Deep Content Inspection engine deconstructs files down to their constituent parts. If it identifies sensitive or valuable information or any cyber threats, it automatically removes, deletes, or sanitizes the files as per the rules set by the organization. The solution then reconstructs the files, allowing them to continue without delay. The inspection capability is not limited by zip/encryption, file size, analysis timing delays or multiple embedded document layers.

There are steps organizations can take to build and implement an effective DLP strategy. First, identify the types of data that need protecting. This might be data based on regulation (GDPR, HIPAA), personal data (PII or PCI), or other valuable, business-critical data. Consider whether data needs to be labelled according to its classification, where it is stored (on-premise or in the cloud), how it is shared (email, web or managed file transfer) and who needs access to it. These considerations help determine which DLP solution is right for your organization.

Next, design policies that keep the data secure. In monitor mode, the Clearswift solution allows organizations to measure the effectiveness of DLP policies before they are implemented, refined, and finally deployed. Default policies configured for industry regulations and support for SIEM solutions, make deployment and compliance a quick and easy process. Finally, even with risks minimized, it is still important to ensure that everyone knows what to do in the event of a data breach.