Identify the Critical Piece Missing from your DLP Strategy
Data Loss Prevention (DLP), in its broad definition, refers to the overall protection of corporate data and to ensuring that data does not leak outside the corporate network, regardless of the means by which it is transferred.
The term DLP is well known, understood, and implemented inside the Enterprise IT security community. In this context “data” can be normal operating data, business critical data, highly confidential information which can be considered a true company asset, or customer-sensitive data subject to privacy laws.
This data is normally stored and managed in central IT repositories or databases, inside an enterprise’s IT infrastructure or cloud services, and used by the company in its everyday business processes. Protecting this data from hackers, cyber criminals or external malicious parties is of the utmost importance and vital to the health and operating success of any company. Today many security technologies and methodologies provide this protection.
If DLP is Well Implemented Today, What’s Missing?
As indicated above, the protection focus is generally on ensuring that the central enterprise IT infrastructure, including repositories/databases, cloud services, and fixed-line access, is sealed and well protected against unauthorized external malicious attempts to steal the data. The real threat today, though, which often goes unaddressed, is on the mobile front.
The Evolution of ‘Data’ in DLP
The advent of the mobile revolution has completely changed the security landscape and introduced new threats and attack vectors. Today it would be naïve to assume DLP is limited to “data” in data files. Highly confidential information is exchanged daily by voice calls and instant messages, and mobile communications must be incorporated into DLP.
Mobile connectivity today, coupled with the latest generation of smartphones, enables businesspeople to connect on the move in any place at any time, allowing exchanges of highly confidential company information in the most disparate places: hotels, restaurants, airports, homes, and other places that can easily be used as virtual offices. Unfortunately, by their very nature, such environments are not protected and are very susceptible to attacks by cyber criminals. The risks increase significantly during business travel in areas with risk of surveillance and interception such as South America, Africa or the Far East.
It’s common practice for businesspeople, especially at the top C level, to discuss by phone or text information related to all sorts of business critical activities: mergers & acquisitions, new product releases and developments, pricing related to real-time tenders, and others. Frequently this information exchange needs to occur at that moment with a smartphone, as timing is critical and no other options exist, and executives do so, putting themselves and their companies at enormous risk.
It’s fundamental that business critical information exchanges via mobile phone calls and texting be considered an integral part of an enterprise’s DLP security strategy. The only real protection is to encrypt these voice and message exchanges using strong end-to-end encryption.
European Community Addressing Mobile as Part of DLP
In Europe in particular, the European Community has been and remains actively involved in addressing DLP security risks.
The first data protection directives date back to 1995 and 2008 (2008/977/JHA), but the European Parliament is currently preparing an updated version of the legislation to be approved by the end of 2016, with a special focus on the mobile front, including mobile phones, not present in the previous directives. The new rules should also recommend end-to-end encryption for protecting communications.
If your organization has not included mobile in its DLP strategy, we’d be happy to explain how to mitigate these security risks by including mobile security in your strategy. KoolSpan is a recognized world leader in secure mobile communications, providing an enterprise grade, robust, end-to-end, secure voice and messaging encryption solution with seamless interoperability across all major smartphones.