Data Loss Prevention Articles

Data Protection

Data Protection - Data Leakage Prevention by DeviceLock DLP

For any business in the modern economy, information has become a critical intangible asset for its growth, sustainability and competitiveness. Such information includes intellectual property, patents, customer data, technology know-how, competitive intelligence and many more types of meaningful knowledge.

On the other hand, unauthorized access to and dissemination of valuable corporate information, such as the company’s financials and trade secrets, PII and PHI of clients and employees, may lead to heavy financial losses from costly litigation, damage to reputation and loss of business.

That is why protecting data is among most important tasks for corporate IT organizations.

Today, ubiquitous mobile data communications, the Internet, social media, email, and other consumer applications, as well as the commercialization of cybercrime, have all combined to sharply increase the threats to data security. The cybercrime industry is persistently “hunting for data” rather than merely disrupting the IT infrastructure or discomforting users. Cybercrime’s ultimate goal is the financial profit gained from selling valuable information stolen from individuals, businesses and government organizations – everything from personal credit cards and passwords to intellectual property and national secrets. The cybercrime ecosystem has become information-centric, and the technologies and tools used by cyber thieves are purely targeting data while often using consumer apps and human nature weaknesses to infect target computers with malware to penetrate the corporate network.

Data is very much “the blood” of corporate IT, and as a loss of blood is deadly dangerous for living organisms, so are the leaks of data from the corporate environment and its internal users.

The pandemic of data leaks and theft has already become a top-level challenge for corporate executive management teams across the world, because the data leakage problem is not just marketing hype as confirmed by statistical reports from all credible sources. These all show the same threatening picture – data breaches affect businesses across all industries, as well as non-profit and government sectors.

It is especially dangerous that a significant part of all data leak incidents is related to insiders – normal users of corporate IT systems that include employees, contractors, partners and clients. The reason is human nature – humans make accidental mistakes and can be negligent in data handling, while sometimes there is actual misconduct. Often, many are just victims of social engineering attacks (e.g. phishing).

To solve this problem, DeviceLock has developed a software solution that prevents data leakage from corporate endpoint computers by implementing all three main DLP functions – protection of “data in use” (DIU), “data in motion” (DIM) and “data at rest” (DAR).

The “data in use” DLP functions implemented by DeviceLock and ContentLock components control data access and transfer operations on endpoint computers for local channels and applications like removable media of all types, clipboard operations, peripheral ports, printing, screenshot captures, etc.

The “data in motion” DLP functions enforced by NetworkLock and ContentLock components prevent leakage of data transmitted through network communications – for instance, via email, webmail services, instant messengers, social media, cloud file storage services, P2P file sharing, SMB file shares, as well as HTTP(S) and FTP(S) protocols.

To prevent leakage of “data at rest” stored on corporate endpoints and in the network, DeviceLock DLP provides content discovery and data remediation. By scanning data residing on file shares and network attached storage systems in the corporate network, as well as on Windows endpoint computers, DeviceLock Discovery locates documents with exposed sensitive content, and handles them with several remediation options.

DeviceLock DLP includes a lightweight enforcement agent that is installed on every protected computer and a central management console or Group Policy snap-in that is adjustable to any size and type of corporate network. Running transparently for users and applications in the scope of normal business processes, DeviceLock Agents detect and prevent unauthorized data access and transfers through local ports and peripheral devices, as well as through popular network applications and services. In addition, DeviceLock Discovery Server and DeviceLock Discovery Agents are used to scan and find documents with exposed sensitive content stored at prohibited locations on endpoint computers and other data storage areas in the network.

The solution is simple, scalable and easy to operate for Windows administrators because its deployment, management and administration can be performed right from the corporate Active Directory by using its native policy configuration feature – Group Policy Objects.

By preventing endpoint data leaks, DeviceLock DLP helps organizations minimize related information security risks and achieve compliance with corporate data use policies, IT security standards and government regulations.