
Remain POPI compliant with DLP

Organisations are being flooded with emails, data files, and records, often containing private information such as customer records and financial credentials, as well as information on business and other third-party partners. In addition, the rise of the cloud has exponentially magnified the fear of having data lost or stolen, as the data stored there is not under the company's control.

The law is clear

With the advent of stringent data protection laws such as POPI, the fallout should data be lost or stolen is potentially even more catastrophic. Over and above a drop in customer confidence, loss of reputation, and financial losses resulting from the incident, large fines can be levied against businesses that fail to adequately protect their customers' data.

POPI is the first really comprehensive law aimed at tackling privacy in South Africa. Personal data covers information such as name, date of birth, SA ID number, health information and similar. Any business that holds the sensitive data of its customers, and other partners, must put measures in place to secure this information. The law is quite clear and is made up of eight principles that address how data needs to be collected, stored, processed, secured, expired and who may access it.

A need for DLP

The advent of POPI is driving the need for comprehensive data leakage prevention (DLP) solutions. Data can be lost in several ways: through loss, damage or theft. Data leakage happens when private data is no longer under the organisation's control, due to a breach or hack, or through the carelessness of an employee. Damage occurs when data is compromised, so that the correct data is no longer accessible and its integrity is lost.

Data is always in one of three states: at rest, in motion or in use. Data at rest includes information that lives in data stores or file systems; data in use is being worked on in endpoint devices such as smartphones or PCs; and data in motion is moving through the network, being emailed or shared in one way or another. DLP technologies help to ensure that end users do not send any sensitive or proprietary data out of the company network.

DLP identifies, monitors and protects data in use, data in motion on your network, and data at rest in your data storage area or on devices. The technology employs deep content inspection and a contextual security analysis of transactions, essentially acting as the enforcer of the company's data security policies.
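As an added illustration (not code from the article or from any DLP product), the sketch below shows content inspection combined with a contextual check for an outbound email. It assumes the commonly documented SA ID number layout of 13 digits starting with a YYMMDD date of birth and ending in a Luhn check digit; the function names, domains and sample message are constructed.

```python
import re
from datetime import datetime

# Assumed layout (not from the article): 13 digits, YYMMDD date of birth
# first, Luhn check digit last. Must not sit inside a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)\d{13}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum over all digits; the last digit is the check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sa_id(candidate: str) -> bool:
    """Structural checks that cut false positives on order or account numbers."""
    try:
        datetime.strptime(candidate[:6], "%y%m%d")  # plausible date of birth
    except ValueError:
        return False
    return luhn_ok(candidate)

def mask(id_number: str) -> str:
    """Mask matches so the incident log is not a second store of personal data."""
    return id_number[:2] + "*" * 9 + id_number[-2:]

def inspect_outbound(recipient: str, body: str, internal_domain: str) -> dict:
    """Content (ID numbers found) plus context (is the recipient external?)."""
    hits = [m.group() for m in CANDIDATE.finditer(body) if is_sa_id(m.group())]
    external = not recipient.lower().endswith("@" + internal_domain)
    action = "block" if hits and external else "log" if hits else "allow"
    return {"action": action, "matches": [mask(h) for h in hits]}

# Constructed sample message; the ID number is a synthetic test value.
SAMPLE_BODY = "Customer 8001015009087, order ref 1234567890123, tel 0115550100."

if __name__ == "__main__":
    print(inspect_outbound("partner@example.net", SAMPLE_BODY, "example.co.za"))
    print(inspect_outbound("claims@example.co.za", SAMPLE_BODY, "example.co.za"))
```

The 13-digit order reference in the sample is ignored because it fails the date check, which is the difference between validating structure and matching on digit count alone.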

Enforcers of data security

In addition, DLP systems act as enforcers of data security policies. They provide a centralised management platform built to pinpoint and prevent any anomalous or unauthorised transmission of the organisation's sensitive information. They also protect against accidental data leaks, leaks by malicious insiders within the organisation, and external attacks. Data loss prevention technology is designed to mitigate the threat posed by data exfiltration on a network.

DLP also offers flexibility. Traditional security tools were designed to allow or block based on source, destination and channel. With the advent of social media, this approach can impact on a company's ability to benefit from these new channels. While many companies still block social media sites for security reasons, DLP solutions can enable organisations to permit social media, personal emails and suchlike, but with the ability to control the content posted to those destinations, allowing businesses to be more flexible but remain secure.

Remember, today's businesses must fully comply with POPI legislation. While DLP on its own cannot make businesses fully compliant, it can definitely assist them in achieving a thorough understanding of what data is leaving the business, where it is going and where it is being stored.
