Throughout the data lifecycle, your data travels through three distinct phases. An ideal DLP plan ensures security in all three phases: at rest, in transit, and in use. The processes below are classified by phase, with a note on how DLP protects each.
Phase I: Data at Rest
- Endpoint Security: Limits the ability of a user to install software and modify security settings.
- Host Encryption: Ensures hard disks are encrypted on all servers, PCs, and laptops.
- Mobile Device Protection: Ensures mobile devices have password protection and remote wipe facilities.
- Network Storage: Classifies sensitive information on a need-to-know basis.
- Physical Media Access: Prevents the copying of critical data to unauthorized devices.
- Safe Disposal: Uses data-erasing or data-wiping software before the safe disposal of old storage devices.
Phase II: Data in Transit
- Border Security: Ensures unencrypted critical data does not leave your premises.
- Monitor Data Movement & Identify Threats: Monitors network traffic and flags unauthorized sensitive data transfers.
- Internet Access Control: Prevents users from accessing unauthorized sites to reduce risks of data theft through social media, personal sites, etc.
- Third Parties Exchange: Ensures all third-party exchanges take place in a secure environment on a case-by-case basis.
- Instant Messaging (IM): Prevents file transfers through IM applications.
- Remote Access: Ensures remote access to the corporate network is only under secure conditions.
Phase III: Data in Use
- User Monitoring: Monitors the activities of privileged users who have access to sensitive information.
- Usage Monitoring: Monitors the usage of critical data to flag inappropriate usage.
- Data Anonymizer: Anonymizes sensitive data when it is not required in use.
- Test Data: Anonymizes data before it is put into testing, when it is not required in use.
- Export Control: Restricts user capabilities to copy, paste, and print critical data from unapproved sections.
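
One way to implement the Data Anonymizer and Test Data controls listed above, as an added example that is not part of the original article: records are anonymized before they reach a test environment, using a keyed token so that the same customer still joins across tables. The column names, field policy, key, and sample rows are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed field policy; the column names are hypothetical.
PSEUDONYMIZE = {"customer_id", "email"}  # replace with a stable keyed token
MASK_LAST4 = {"card_number"}             # keep only the last four digits
DROP = {"notes"}                         # free text is removed entirely
DEMO_KEY = b"constructed-demo-key"  # constructed; a real key stays outside the test environment
# Constructed sample rows (4111... is the well-known test card number).
SAMPLE_ROWS = [
    {"customer_id": "C-1001", "email": "alice@corp.example",
     "card_number": "4111 1111 1111 1111", "amount": 42.5, "notes": "call back"},
    {"customer_id": "C-1001", "email": "alice@corp.example",
     "card_number": "4111 1111 1111 1111", "amount": 7.0, "notes": "VIP"},
]


def pseudonym(field: str, value: str, key: bytes) -> str:
    """Deterministic keyed token: equal inputs give equal tokens, so joins
    still work, but the token cannot be recomputed without the key."""
    mac = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def mask_last4(value: str) -> str:
    digits = "".join(c for c in value if c.isdigit())
    if len(digits) <= 4:
        return "*" * len(digits)
    return "*" * (len(digits) - 4) + digits[-4:]


def anonymize(row: dict, key: bytes) -> dict:
    out = {}
    for field, value in row.items():
        if field in DROP:
            continue
        if field in PSEUDONYMIZE:
            token = pseudonym(field, str(value), key)
            # Keep the e-mail shape so format validation in tests still passes.
            out[field] = f"{token}@example.invalid" if field == "email" else token
        elif field in MASK_LAST4:
            out[field] = mask_last4(str(value))
        else:
            out[field] = value
    return out


if __name__ == "__main__":
    print([anonymize(row, DEMO_KEY) for row in SAMPLE_ROWS])
```

Fields that are not named in the policy pass through unchanged, so the policy sets need to cover every sensitive column before the output is loaded into a test system.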