Your datacenter is a target. For hackers, for opportunists, for professional criminals and for rogue operators. Why? You hold data, lots of it and you host applications. Some valuable, some mission critical, some old and useless. But regardless of the type and utility of your facility’s data and hosted applications, your clients rely on you to protect their business from spying eyes. It’s a huge responsibility and one that should be at the very forefront of your business processes.
“Data loss prevention is back in the headlines,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “The so-called Panama Papers data leak caused all sorts of havoc around the world and the reverberations are still making waves. The ironic part is that the target firm, handling the details of literally billions of dollars of off-shore investments, didn’t invest a comparative pittance into protecting that data. If your datacenter holds sensitive data, you need to ensure that it stays put. That’s exactly what data loss prevention (DLP) provides.”
“Data loss prevention is not mysterious nor especially labour-intensive,” continues Khan. “DLP is a solution that, when applied at the endpoints, core, at individual segments on the network itself and especially email servers and mobile devices, prevents unauthorised users from sending any and all data outside the network.”
A robust DLP solution defines sensitive data, identifies and locates where that data resides and then assigns and tailors levels of access for various users and groups. Specifically, the DLP ‘tags’ certain data classification - such as credit card numbers or customer account data - in need of enhanced protection based on rules set by the business security policies.
“In the Panama Papers incident,” explains Khan, “someone emailed 11.5 million documents from the compromised network and no one even noticed. With DLP, the Panamanian-based overseas investment firm might have saved themselves – and their clients - a lot of unwanted publicity.”
DLP is optimised to prevent email-based data loss. Email provides a ready-made tunnel through which cybercriminals and malicious insiders can siphon data from the network. DLP provides a vital line of defence that spots e-mails containing any unauthorised data. The DLP then notifies the system administrator of a policy violation whilst denying the transmission of the email altogether. It’s fast, easy and stops any data leaks cold.
DLP can also be a valuable tool for IT administrators, enabling them to create, refine and enforce access policies, gain visibility into data flow at the granular level, filter data streams on the network and protect information both in transit and at rest.
DLP has other uses as well such as tracking and identifying digital assets. Before data can be prevented from exiting via email, on disks, USB drives or over cloud platforms, organisations first have to know where the data is located. That information ultimately arms organisations with the knowledge that simultaneously fulfils a multitude of objectives ranging from security strategy and compliance to Big Data and asset management projects.
“Stopping sensitive data from leaking out of the network is just the starting point for a good DLP solution,” concludes Khan. “DLP satisfies a wide array of increasingly stringent and enforceable compliance requirements by giving organisations the ability to not only discover and pre-emptively act on data loss but document the process for impending audits. Savvy datacenters can put DLP at the hub of their operations to keep their data safe and provide increased visibility into their entire set of data holdings. DLP represents an investment in security that you can’t afford to overlook.”
Andrew Khan, Senior Business Manager
M: 021 819 793
David Hills, Solutions Architect
M: 021 245 0437
Hugo Hutchinson, Business Development Manager
P: 09-414-0261 | M: 021-245-8276
Marc Brunzel, Business Development Manager
M: 021 241 6946