An Introduction to Data Loss Prevention

This paper serves as a primer on preventing “data loss,” an umbrella term that encompasses two distinct phenomena: system failure and network intrusion.

Firms that fail to protect their data, often proprietary customer information, not only suffer unflattering news coverage but also the often crippling expenses related to churn, Service Level Agreements and project redesign. A good deal of the fallout from data loss can be prevented with a measure of investment that seems minute in comparison to the risks of remaining vulnerable.

The most common cause of data loss is system failure. System failure due to faulty hardware, or data corruption due to faulty or incompatible software, accounts for 53% of recorded data loss events (Cost of Down Time Survey). In most cases, a company's minutes of downtime due to system failure translate directly into thousands of dollars' worth of business expenses.

Simple precautionary measures against system failure exist. At a minimum, a RAID configuration with redundancy (for example RAID 1 or RAID 5) provides failover in the event of a single drive failure. Redundant power sources on separate power infrastructure, fed by uninterruptible power supplies, mitigate the impact of power fluctuation events. Keep brown-outs and black-outs the concern of your local utility.

In addition, data centers that provide multi-carrier redundancy protect against upstream connectivity failure. Fully redundant servers behind an upstream load-balancing appliance with failover capability ensure that a server failure will not result in revenue-impacting downtime. Of course, regular and frequent backups of all vital information should be stored on a remote medium via network, tape or disk to provide a final means of recovery should all other redundancy fail.
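To make the "single drive failure" limit of parity RAID concrete, here is an added example (not part of the original paper) that models one RAID 5 style stripe in Python: several data blocks plus one XOR parity block. It shows that any one lost drive, data or parity, can be rebuilt from the survivors, and that a second simultaneous loss cannot. The block size, the sample data and the fixed parity position are constructed for the example; real RAID 5 rotates the parity block across drives.

```python
from functools import reduce

# Toy model of a parity-protected stripe. Each "drive" holds one block of the
# stripe; the last block is the XOR parity of the data blocks. Real RAID 5
# rotates the parity position across drives; it is fixed here for clarity.
BLOCK_SIZE = 4  # bytes per block; toy size chosen for the example


def xor_blocks(blocks):
    """XOR equal-length byte blocks together (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def build_stripe(data_blocks):
    """Lay out one stripe: the data blocks followed by their parity block."""
    if any(len(block) != BLOCK_SIZE for block in data_blocks):
        raise ValueError("all blocks in a stripe must be BLOCK_SIZE bytes")
    return list(data_blocks) + [xor_blocks(data_blocks)]


def fail_drives(stripe, failed):
    """Simulate drive loss: the block on each failed drive becomes unreadable."""
    return [None if i in failed else block for i, block in enumerate(stripe)]


def reconstruct(degraded):
    """Rebuild a single missing block: XOR of all surviving blocks."""
    missing = [i for i, block in enumerate(degraded) if block is None]
    if not missing:
        return list(degraded)
    if len(missing) > 1:
        # Single parity can only ever recover one lost block per stripe.
        raise RuntimeError("%d drives lost; single parity rebuilds only one" % len(missing))
    survivors = [block for block in degraded if block is not None]
    rebuilt = list(degraded)
    rebuilt[missing[0]] = xor_blocks(survivors)
    return rebuilt


def read_data(degraded):
    """Return the data blocks of a stripe, rebuilding one lost drive if needed."""
    return reconstruct(degraded)[:-1]


# Constructed sample: three data drives plus one parity drive.
SAMPLE_DATA = [b"DATA", b"LOSS", b"PREV"]

if __name__ == "__main__":
    stripe = build_stripe(SAMPLE_DATA)
    print("healthy:      ", read_data(stripe))
    print("drive 1 lost: ", read_data(fail_drives(stripe, {1})))
    print("parity lost:  ", read_data(fail_drives(stripe, {3})))
    try:
        read_data(fail_drives(stripe, {0, 2}))
    except RuntimeError as exc:
        print("two lost:     ", exc)
```

RAID 1 is the degenerate case of the same idea (the "parity" is a full copy), and the two-drive failure branch is exactly why the paper's final safeguard, a remote backup, is still required: redundancy covers the first fault, not the second one that lands during a rebuild.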

The second type of data loss is caused by network intrusion, the act of an unauthorized third party gaining access to proprietary information either physically or remotely. Although perhaps less common than hardware or software failure, network intrusion can cause much bigger problems, and exponentially increase the cost to a business, because data is not merely lost or damaged but compromised.

The most carefully laid plans for a secure network infrastructure fall apart when an intruder gains physical access to network resources (for example, booting Linux in single-user mode, or simply stealing a drive and reading it under a separate operating system). Today's premier data centers require biometric identity verification for access, use remote video surveillance to monitor the activities of individuals granted access, and are staffed 24/7 by network experts. Identities are verified before access is granted, whether to network resources such as login credentials or to servers and routing equipment. Employees handling sensitive information are trained to recognize commonly used “social engineering” techniques.

For remote attacks, strong public-key encryption offers the highest level of data security against network intrusion, depending on how it is used and on who can obtain the relevant keys. The latest version of Transport Layer Security (TLS, formerly Secure Sockets Layer, SSL) is an absolute necessity for PCI compliance for web-based storefronts. Secure network tunnels, or Virtual Private Networks (VPNs), extend Public Key Infrastructure (PKI) protection across non-web Internet communications, while True Private Networks (TPNs) provide the same encrypted protection without the hazard of relaying information across the open Internet.

Intrusion prevention software is recommended for terminals and servers: it forces registry changes (on Windows systems) to be manually opted into, monitors application-layer processes for privilege elevation, and watches for scripting behaviour that matches signatures pre-compiled from previous attack attempts. The same measure is now commonly applied, with great success, on dedicated firewalls to prevent such activity from ever reaching production servers. Given the proliferation of code “injection” as a means of bypassing firewalls that cannot cope with OSI layer 7 attacks, such systems are only going to become more vital to security infrastructure.
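The signature-matching half of what this paragraph describes can be shown in a few lines. The following is an added example, not part of the original paper or any product: it parses Common Log Format web-server lines, URL-decodes the request path (so percent-encoding cannot hide a match) and runs a small hypothetical rule set over it, returning alerts. The log lines, the rule names and the regular expressions are constructed for the example.

```python
import re
from urllib.parse import unquote

# Added example: a minimal signature engine over web access logs. The rule set is
# hypothetical; real IPS signature sets are far larger and are tuned per application.
SIGNATURES = [
    ("sql-injection", re.compile(r"'\s*(or|and)\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE)),
    ("path-traversal", re.compile(r"\.\.[/\\]")),
    ("script-injection", re.compile(r"<script\b", re.IGNORECASE)),
]

# Common Log Format: client ident user [timestamp] "METHOD PATH PROTOCOL" status bytes
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def parse_line(line):
    """Split one log line into fields; returns None for lines that do not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    # Match on the decoded form: "%27%20OR" and "' OR" must hit the same rule.
    fields["decoded_path"] = unquote(fields["path"])
    return fields


def match_signatures(decoded_path):
    """Names of every rule whose pattern appears in the decoded request path."""
    return [name for name, pattern in SIGNATURES if pattern.search(decoded_path)]


def scan_log(lines):
    """Run every rule over every parseable line and return the alerts raised."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name in match_signatures(rec["decoded_path"]):
            alerts.append({"time": rec["time"], "client": rec["client"],
                           "rule": name, "path": rec["decoded_path"]})
    return alerts


# Constructed sample log (documentation-range addresses, invented requests).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.10 - - [10/Oct/2023:13:55:40 +0000] "GET /login?user=admin\'%20OR%20\'1\'%3D\'1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /files?name=../../etc/passwd HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Oct/2023:13:56:30 +0000] "GET /products?q=o%27neil HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print("%(time)s %(client)s %(rule)s %(path)s" % alert)
```

Two points the code makes that the prose does not: decoding before matching is what keeps an encoded request from slipping past a signature, and the benign `o'neil` query shows that rules must be tight enough not to fire on ordinary apostrophes. A signature engine only recognizes patterns it has already been given, which is why the paragraph pairs it with behavioural monitoring of privilege elevation rather than relying on signatures alone.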

In large, multi-department corporations, the use of a Virtual Local Area Network (VLAN) logically segments internal network traffic, preventing data “leakage” across departments and mitigating the impact of any single network intrusion event.

For the IT-intensive business, there is a direct connection between profit and data loss. Securing against the threats of system failure and network intrusion is a fundamental part of network design and company policy and cannot be left as an afterthought.