One day last week, I thought about writing this blog post. It would be more technical than my other posts, but I was doing that thing where you keep talking yourself out of it. As most of you may know, I’m an experienced IT Auditor. For the last five years, I’ve been in all things IT Audit roles. However, in February, I took a risk and started a new role. Basically, I’m currently a DLP “SME” now.
I used the word “SME” or Subject Matter Expert because in consulting you never let your client know you lack knowledge and experience in a particular subject. In my case, I’m new to Data Loss Protection, however, I have to learn fast and talk that talk whenever the client has an ask. With my IT Audit background, I understand topics around encryption, protecting PII, data-at-rest, and etc, but it’s one thing to bring it all together. DLP emcompress so such.
What is Data Loss Prevention?
Let’s break this down word for word. What’s data? Data is information. It is anything you’re collecting. Credit Card information, Personally Identifiable Information (PII), Protected Health Information (PHI), a n y t h i n g. What’s loss? The process of losing something. I don’t know anyone who likes to lose something important to them. I have a full-blown heart attack whenever I can’t find my wallet. What’s prevention? Prevention is to keep something from happening. Let’s put it together. Data Loss Prevention is to keep the loss of information from happening.
I always know the concept of DLP was important. I just never realized how important it was. Let’s use Amazon as an example. You create an account. You give Amazon your name, address, email address. Next, you search for products to purchase. You purchase a gift for your friend and add your credit card information (which will most likely be saved so you can make quick purchases next time). Amazon basically knows everything about you and it’s stored on some server somewhere. Now think about every company that has this information. How pissed would you be if they lose it and now some man in a basement is running up your credit cards?
Think about your own personal DLP. I’m going through the process of moving during COVID19. The Leasing Agent requested information via email. I can imagine the number of people sending important information unencrypted. W i l d.
Simple enough right? Right. So how do you apply DLP? Think I’ll save that for another blog post in the future. Someone remind me! 🙂