Cybersecurity: data lineage in the service of data loss prevention (DLP)?
Technical data lineage, coupled with the detection of how information is used, makes it possible to know, for any piece of data, who ultimately accesses it and in what context.
What if this were a simple and effective answer to a major information security problem: the prevention of data leaks and losses?
What is DLP (Data Leaks / Loss Prevention)?
_______________________________________
“The term Data Loss/Leaks Prevention (DLP) refers to a set of techniques that identify, control and protect information through in-depth content analysis, whether the information is stored, in motion, or processed. The objective is to limit the leakage of sensitive data.
A DLP solution is able to identify sensitive data, locate where it is stored, control who should have access to this data and finally protect it, i.e. prevent any unauthorized person from having access…” Wikipedia
It is a major component of the world of Cybersecurity.
The major components of a DLP solution
_______________________________________
DLP solutions are disparate and generally do not provide the same answers. Nevertheless, they often have a common base that includes the following 3 features:
- Management of output devices, for example blocking USB keys, etc.
- A content-related component, preventing certain data from being copied to certain components.
- A component relating to the rules: these are constraints in terms of printing, sending information by email, etc.
The limits of DLP solutions
_______________________________________
Companies spend billions on DLP!
According to CrowdStrike, spending is expected to reach over $6 billion by 2026.
Unfortunately, many companies don't see the return on investment they expect: DLP solutions have earned a reputation for being too difficult to implement and maintain, and for not being equally relevant across all the technology stacks concerned. They also have a reputation for triggering false alarms, which is a shame!
Without replacing DLP solutions, data lineage combined with analysis of how information is used makes it possible to secure sensitive data wherever it is deployed across the Information System.
Data lineage also makes it possible to know who is accessing that data, while addressing many other issues.
... But what is “data lineage”?
Data lineage reveals the life cycle of data.
It aims to present complete data flows, from the sources to the use of the data by the business. This includes every transformation the data undergoes up to the point of use.
By combining the different data flows, data lineage makes it possible to build a true map of the Information System. This map can be shared with everyone.
Data lineage in the DLP / Cybersecurity context
_______________________________________
In a DLP context, dynamic data lineage is combined with the analysis of data usage (via a log scan) to know instantly who is accessing a given piece of data. That access may go through dataviz tools, or through a simple query that feeds an Excel file.
Compliance teams can thus, simply by entering a data name in a search engine, see how that data has been used and pinpoint potential uses that do not comply with internal rules!
Because the Information System is analyzed daily, the answers delivered always reflect reality. Alerts can also be set up, by email for example. All that remains is to act!
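The lineage-plus-log-scan lookup described above, as an added example that is not code from the original article or from any product: it walks a lineage graph downstream from one sensitive field, then joins the result with access-log lines to list who read the field or anything derived from it. The asset names, the log format and the authorized-user rule are all constructed assumptions.

```python
import re
from collections import deque

# Constructed lineage edges (source asset -> derived asset); all names are hypothetical.
LINEAGE = [
    ("crm.customers.iban", "dwh.stg_customers.iban"),
    ("dwh.stg_customers.iban", "dwh.dim_customer.iban_masked"),
    ("dwh.stg_customers.iban", "mart.payments_report.iban"),
    ("mart.payments_report.iban", "bi.dashboard_finance"),
    ("crm.customers.city", "mart.geo_report.city"),
]

# Constructed access-log lines in an assumed format: timestamp, user, tool, asset read.
ACCESS_LOG = """\
2024-03-01T08:12:03Z user=alice tool=dataviz asset=bi.dashboard_finance
2024-03-01T09:40:11Z user=bob tool=excel asset=mart.payments_report.iban
2024-03-01T10:02:45Z user=carol tool=sql asset=mart.geo_report.city
"""

AUTHORIZED = {"alice"}  # assumed internal rule: who may read IBAN-derived data
LINE_RE = re.compile(r"^(\S+) user=(\S+) tool=(\S+) asset=(\S+)$")

def downstream(root, edges):
    """Return root plus every asset derived from it, each with its path back to root."""
    children = {}
    for src, dst in edges:
        children.setdefault(src, []).append(dst)
    paths, queue = {root: [root]}, deque([root])
    while queue:
        node = queue.popleft()
        for child in children.get(node, []):
            if child not in paths:  # also guards against cycles in the graph
                paths[child] = paths[node] + [child]
                queue.append(child)
    return paths

def who_accesses(root, edges, log_text, authorized):
    """Join lineage with the log: each read of root or a derivative, flagged if unauthorized."""
    paths, findings = downstream(root, edges), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at their content
        ts, user, tool, asset = m.groups()
        if asset in paths:
            findings.append({"time": ts, "user": user, "tool": tool, "asset": asset,
                             "lineage": " -> ".join(paths[asset]),
                             "violation": user not in authorized})
    return findings
```

Calling who_accesses("crm.customers.iban", LINEAGE, ACCESS_LOG, AUTHORIZED) returns the dashboard read and the Excel extract with their full lineage paths, and marks the Excel extract as a violation; the read of the unrelated city report is not returned.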
Data lineage has a virtuous impact in other contexts
Data lineage is a technical component of Data Governance or Metadata Management tools. It addresses countless use cases; here are a few examples:
- Strategic data dependency: Good data keeps businesses running smoothly. All business units, including marketing, production, controlling, sales departments, etc., depend on data. The information gathered from research, the field and operational systems allows organizations to be optimized and products and services to be improved. The granular information provided by data lineage helps to better understand the real meaning of this data and to validate its quality.
- Up-to-date data feeds: Data changes over time, and new methods of data collection and aggregation must be combined and used by teams to create business value. Data lineage provides monitoring features that allow these flows to be reconciled, and help make the most of old and new data sets, in the Cloud or on-premises.
- Data migrations: When the IT department must migrate data to new storage solutions, typically the Cloud, or carry out technical migrations from one piece of software to another, it must be able to map and define the life cycle of the data in its source system. Data lineage provides this information efficiently, making migration projects infinitely simpler and less risky. In addition, data lineage makes it possible to prioritize and segregate flows, so that migrations can be organized precisely.
- Data governance: Data lineage is a good way to provide reassurance in the event of a compliance audit, improve risk management and ensure that data is stored and processed in accordance with organizational policies and regulatory requirements. Among the best known of these is the BCBS239 text, the data component of Basel III, which aims to consolidate risk reporting in the banking world, as well as all the underlying supply flows. The second, much better known, is the GDPR, the European regulation which aims to give individuals control over their personal data. Data lineage will prevent the uncontrolled distribution of so-called "personal" data.
Conclusion
Data lineage is becoming an essential tool for sharing the governance of large and complex information systems.
For Data Loss/Leaks Prevention, which is a key element of cybersecurity, it will be a valuable ally: it is simple, efficient, constantly up to date, and inexpensive compared to most DLP solutions! It can also cover many other topics besides.