IMPLEMENTING HOST DATA LOSS PREVENTION (HDLP) SYSTEMS TO PROTECT CONFIDENTIAL DATA AGAINST THEFT BY INSIDER THREAT
for the degree of
Chapter 1: Introduction
1.1 Background information
Data has become an important business tool and driver in the modern information-driven society. Business organizations and government ministries are now incorporating information systems that generate large volumes of data which is valuable, sensitive or secret. If this data leaks to the outside world or falls into the wrong hands, it can cause huge financial losses, weaken the negotiating position of a business and damage the strategic position of the affected business (Alneyadi, Sithirasenan and Muthukkumarasamy, 2016, p. 5). For this reason, it has become vital that companies and government organizations implement strategies that prevent data loss, given the many disadvantages they are likely to face from data leakages (Wu and others, 2011, p. 40). In the past, security strategies have primarily focused on protecting organizational data from losses to external sources that are generally beyond the company. These traditional security systems were developed and implemented with the main aim of curbing data leaks from external attacks. However, recent research findings show that organizations are facing new data and information loss risks from internal sources in the form of employees, a threat which poses the same severe effects as data losses through external attacks (Al-Fedaghi, 2011, p. 17).
For companies to effectively minimize and stop data losses through insiders, they need to implement a solution that monitors, audits and controls user behavior when users are handling sensitive organizational data, such as a Data Loss Prevention system (Kim, Hwang and Kim, 2012, p. 90). These Data Loss Prevention systems are capable of protecting enterprise data from loss in real time by centrally regulating and restricting the way employees use and transfer organizational data. Host Data Loss Prevention systems are implemented to protect organizations from financial losses, damage to brand image, noncompliance with legal requirements around data protection and loss of competitive advantage. HDLP systems periodically generate forensic reports, without necessarily disrupting the business activities of the organization, on data loss threats that originate from inside, namely emails, CD burns, USB copying and web posting. Data loss from inside sources can also occur when malicious programs intrude and compromise employee credentials. Host DLP systems require that users are identified and authenticated before they are given permission to use any organizational data. Audit reports in a Host Data Loss Prevention system allow information systems managers to change configurations. This dissertation hypothesizes that the current security technologies and strategies in the majority of firms are ineffective and insufficient, and that use of an appropriate Host Data Loss Prevention system will protect organizations from economic losses, harm to brand image and loss of sensitive internal data.
1.2 Scope
When business organizations and government institutions are implementing a security strategy such as a Host Data Loss Prevention (HDLP) system, which is important in analyzing, monitoring and tracking organizational data, business executives must understand the technical weaknesses of their information system that make it vulnerable and susceptible to insider attacks and data loss risks. Once they understand the status of their databases and information system network, companies then identify the available product in the market that satisfies their technical and functional requirements. This paper recognizes that HDLP system vendors bring no particularly new product to the market; rather, their solutions are based on the data-at-endpoint, data-in-transit and data-at-rest points of view. Each of these solutions varies in its approach: while one product or service addresses one of the points, another may be customized to provide solutions to two or all three.
For this reason, this dissertation will limit its focus to identifying the technical as well as functional needs of organizations before they can implement Host Data Loss Prevention systems. The dissertation will review the various Data Loss Prevention products in the market and then identify an appropriate solution that integrates the functional and technical requirements of the company (Marecki, Srivatsa and Varakantham, 2011, p. 777). In the light of available products in the market, this dissertation will review the specific modules of a Host Data Loss Prevention system that need to be implemented in a typical financial institution, on the assumption that these kinds of organizations are the most vulnerable to insider data loss risks. This dissertation will review the inherent strengths and weaknesses of some of the available Host Data Loss Prevention systems, such as McAfee’s Host Data Loss Prevention solution, clearly identifying its specifications and its strengths in handling data loss concerns from insiders in financial market organizations. The primary research question will be how Host Data Loss Prevention systems have bridged the security gap in insider data losses.
1.3 Problem definition
Data leakages have become a major problem for many organizations globally. This is more evident in companies that have suffered huge economic losses as a result of insiders leaking or losing sensitive company information. Security technologies and strategies that companies implement such as firewalls, IDS and IPS have only been effective in preventing data losses from external risks. These technologies identify vulnerabilities to company data and prevent data losses. Since these technologies do not provide any form of company data protection from insider attacks and vulnerabilities, company executives must find new ways to deal with the new insider threats for them to survive. It is now evident that data leakage is a problem that organizations have to contend with to maintain a competitive advantage in the market.
These insider attacks are mainly carried out by dissatisfied employees seeking revenge, employees with criminal tendencies or financial motives, or employees working for foreign intelligence services. They have the sole motive of stealing confidential data for deliberate and intentional misuse. Other employees may unintentionally cause data losses by not adhering to the security guidelines of the company. For this reason, HDLP systems were designed to address data disclosure risks from insiders (Shabtai, Elovici and Rokach, 2012, p. 186). Data loss in organizations can be described as confidential and private information leaving the enterprise through unauthorized communication channels, namely applications, network protocols and physical devices (Wuchner and Pretschner, 2011, p. 152).
In the light of the data leakage problem that companies and government institutions face, this dissertation seeks to suggest that organizations can use HDLP systems (Nawafleh and others, 2013, p. 23). The dissertation seeks to answer how organizations can prevent the data leakage problem that is now perpetrated by employees who work in the same environment they are supposed to protect. The dissertation shall consider how HDLP systems can be implemented in organizations to protect data-at-rest in company databases from inside attack, data-in-use on employees’ workstations from leaking and data-in-motion on company networks from insider hijacking.
1.4 Approach
This dissertation is exploratory research that makes use of primary and secondary methods of data collection. It makes extensive use of, and reference to, academic papers, journal articles, industry surveys and annual reports. The quantitative primary research method will involve carrying out interviews, both written and oral, with business executives of financial institutions so as to understand the typical security needs and concerns that such organizations have. Academic papers and journals will be used to explain the technical aspects of the Host Data Loss Prevention system, along with the foundational technologies that support it. To find out the features of the various DLP products that are in the market, this dissertation will rely on press from solution providers as well as internet sources. The secondary methods of data collection will involve interviews with industry experts and professionals who are knowledgeable about the DLP solutions that are available in the market and how these meet the needs of customers.
A large part of this dissertation will be spent on evaluating DLP products in the market, including their capabilities. As such, it is important to establish clear guidelines for the research before the research itself is carried out. The research methodology of this dissertation follows structured ways of evaluating security technologies and applications. The qualitative methods of data collection will involve conducting case studies of other organizations where Host Data Loss Prevention systems have been implemented successfully or have failed.
1.5 Outcomes
The research found that the main areas that need to be secured in the organization are legal documents such as contracts and internal documentation stored in the company database, human resources, and IT resources such as logins, passwords and databases. On implementing a host data loss prevention system, the research found that McAfee solutions can enable the company to monitor and protect its online trading platform, control the equipment connected to personal computers in the organization, structure and systematize data, make data flow in the company transparent and ease the work of information systems auditors, since the solution will provide compliance with internal as well as external regulatory requirements (Boranbayev, Mazhitov and Kakhanov, 2015, p. 803; Baquiran and Wren, 2012, p. 7).
References
Al-Fedaghi, S., 2011. A conceptual foundation for data loss prevention. system, 16, p.17.
Alneyadi, S., Sithirasenan, E. and Muthukkumarasamy, V., 2016. A Survey on Data Leakage Prevention Systems. Journal of Network and Computer Applications.
Baquiran, M. and Wren, D., 2012. Fast and Effective Endpoint Security for Business 2012.
Boranbayev, A., Mazhitov, M. and Kakhanov, Z., 2015, April. Implementation of Security Systems for Prevention of Loss of Information at Organizations of Higher Education. In Information Technology-New Generations (ITNG), 2015 12th International Conference on (pp. 802-804). IEEE.
Kim, J., Hwang, J. and Kim, H.J., 2012. Privacy Level Indicating Data Leakage Prevention System. International Journal of Security and Its Applications (IJSIA), 6(3), pp.91-96.
Marecki, J., Srivatsa, M. and Varakantham, P., 2011, August. A Decision Theoretic Approach to Data Leakage Prevention. In Social Computing (SocialCom), 2010 IEEE Second International Conference on (pp. 776-784). IEEE.
Nawafleh, S.A., Hasan, M.Y.F., Nawafleh, Y. and Fakhouri, S.A.R., 2013. Protection and defense against sensitive data leakage problem within organisations. European Journal of Business and Management, 5(23).
Shabtai, A., Elovici, Y. and Rokach, L., 2012. A survey of data leakage detection and prevention solutions. Springer Science & Business Media.
Wuchner, T. and Pretschner, A., 2012, November. Data loss prevention based on data-driven usage control. In Software Reliability Engineering (ISSRE), 2012 IEEE 23rd International Symposium on (pp. 151-160). IEEE.
Wu, J., Zhou, J., Ma, J., Mei, S. and Ren, J., 2011, October. An active data leakage prevention model for insider threat. In Intelligence Information Processing and Trusted Computing (IPTC), 2011 2nd International Symposium on (pp. 39-42). IEEE.