Speaking at the 2018 IQPC World Digital Refineries Summit Congress in Kuwait City, Rafiq Khurshid described Saudi Aramco’s data loss prevention (DLP) strategy. DLP is the practice of detecting and preventing the “leaking” of confidential data out of an organization’s boundaries for unauthorized use. Leaks can occur via email, removable media, file uploads to the web or cloud storage, printed paper copies or photos taken with smartphones. DLP is an ‘integral part of a mature security program and a powerful tool for protecting sensitive data’. DLP monitors corporate traffic with content inspection and contextual analysis.
However, DLP is not a ‘quick fix’ product, but rather a process where implementation is just the beginning. Implementation involves defining roles, responsibilities and accountability, and deciding who needs to be informed for each DLP activity. DLP solutions can be software- or hardware-based but, warns Khurshid, ‘Before diving into the technology and available vendor solutions, you should first build a good understanding of what your business requirements for DLP will be’.
Data classification is the first step in a DLP program: a document classification matrix is created to establish where the existing data resides and how this data is classified. Documents are classified according to risk of exposure. A DLP governance policy is required, along with an incident response team trained with defined roles, responsibilities and procedures.
Postscript: Khurshid has been working with Aramco as a DLP consultant and has implemented a corporate-wide rollout of the RSA Data Loss Prevention (DLP) suite. RSA’s DLP reached the end of extended support on 31st December 2018 and the company announced that ‘RSA does not have alternative product or migration recommendations for RSA DLP.’
© Oil IT Journal - all rights reserved.