K
Kathleen Martin
Guest
$4.35 million. That's the average total cost of a data-exposing cybersecurity incident, according to the Ponemon Institute's "Cost of a Data Breach Report 2022." That's an all-time high, up 12.7% from 2020.
Between the potential loss of trade secrets, reputational harm, and regulatory fines related to data privacy, data breaches can threaten an organization's very existence. And if you don't take proactive measures to prevent them, the circumstances that led to one breach can easily result in another. Eighty-three percent of breached organizations report having suffered more than one such event.
Data loss prevention, or DLP, refers to a category of cybersecurity solutions that are specifically designed to detect and prevent data breaches, leaks, and destruction. These solutions do so by applying a combination of data flow controls and content analysis. And in today's cyber-threat landscape, DLP has become a basic business need.
The Three States of Data and How DLP Protects Them
There are three main states in which data can reside within an organization:
Similarly, there are three primary "functional" DLP types, each dedicated to protecting one of these states of data. Here are just some examples of how this can work:
Between the potential loss of trade secrets, reputational harm, and regulatory fines related to data privacy, data breaches can threaten an organization's very existence. And if you don't take proactive measures to prevent them, the circumstances that led to one breach can easily result in another. Eighty-three percent of breached organizations report having suffered more than one such event.
Data loss prevention, or DLP, refers to a category of cybersecurity solutions that are specifically designed to detect and prevent data breaches, leaks, and destruction. These solutions do so by applying a combination of data flow controls and content analysis. And in today's cyber-threat landscape, DLP has become a basic business need.
The Three States of Data and How DLP Protects Them
There are three main states in which data can reside within an organization:
- Data in use: Data is considered to be in use when it's being accessed or transferred, either via local channels (e.g., peripherals and removable storage) or applications on the endpoint. An example could be files that are being transferred from a computer to an USB drive.
- Data in motion: Data is considered to be in motion when it's moving between computer systems. For example, data that is being transferred from local file storage to cloud storage, or from one endpoint computer to another via instant messenger or email.
- Data at rest: Data is considered to be at rest when it's stored, either locally or elsewhere on the network, and is not currently being accessed or transferred.
Similarly, there are three primary "functional" DLP types, each dedicated to protecting one of these states of data. Here are just some examples of how this can work:
- Data-in-use DLP systems may monitor and flag unauthorized interactions with sensitive data, such as attempts to print it, copy/paste to other locations, or capture screenshots.
- Data-in-motion DLP detects whether an attempt is being made to transfer (confidential) data outside of the organization. Depending on your organization's needs, this can include potentially unsafe destinations, such as USB drives or cloud-based applications.
- Data-at-rest DLP enables a holistic view of the location of sensitive data on a local endpoint or network. This data can then be deleted (if it's out of place), or certain users' access to it blocked depending on your security policies.