Security+: Technologies And Tools – DLP

Introduction

To any business or corporation, information and data are the blood flow of daily operations. This consist of market intelligence as it relates to your competition, the sensitive customer information (such as contact info, credit card/banking numbers, etc.), and even your own internal data. Safeguarding all of this is a must, not only from it being hacked into but also making sure that only the authorized employees have access to it.

This is technically known as “Data Loss Prevention,” or “DLP” for short. A specific definition is as follows:

“It set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. DLP software classifies regulated, confidential, and business critical data and identifies violations of policies — typically driven by regulatory compliance such as HIPAA, PCI-DSS, or GDPR. Once those violations are identified, DLP enforces remediation with alerts, encryption, and other protective actions to prevent end users from accidentally or maliciously sharing data.” that could put the organization at risk.” (SOURCE: 1)

As a Security+ cert holder, you need to be aware of the basic concepts of DLP, as well as some of the latest technologies that are used.

The Basic Concepts of DLP

Three types of DLP Systems are used today in organizations, and they are as follows:

1. In Use Protection:

This is the information/data that is generally used on a daily by authorized employees or even software applications within the organization. Typically, these types of datasets are used to deliver products and services to customers as they are being requested or purchased. This type of information is normally encrypted constantly so that if they were to be intercepted by a malicious third party, it would remain in a garbled and undecipherable state.

2. In Motion Protection:

This is (Read more...)