How Robust, Granular Data Loss Prevention Stops Data Leaks

Stryker Corp. has sued a former employee for allegedly downloading multiple folders of data to a personal thumb drive before resigning. The former employee also deleted hundreds of documents from her company-issued laptop and cloud-based storage. The medical equipment company says the data includes highly sensitive information and trade secrets.

Stryker could have avoided this problem if it had robust data loss prevention (DLP) in place. A well-designed DLP solution would have prevented the employee from downloading and deleting the data.

DeSeMa has DLP built into our fully managed endpoint services. Whether an employee is using a device provisioned through our service, another company-owned device or a personal device, we will put controls in place to prevent data exfiltration and exposure.

Identifying and Controlling Sensitive Data

If an employee is using one of our endpoint devices, we use tagging and automatic data analytics to identify sensitive data such as credit card numbers and Social Security numbers. We then prevent that data from being downloaded to thumb drives, burned to a CD or uploaded to unauthorized websites.

If you’re not on one of our endpoint devices, we can set permissions on particular types of data so that they are read-only. We can also implement controls that only allow users to access particular data types from one of our devices or a secured company device.

Detecting Suspicious Activity

Even if a user has permission to access and modify a particular file, we have controls that understand geographic location. If a user has only logged in from Seattle for the last six weeks and is suddenly coming in from a different part of the U.S. or elsewhere in the world, we will step up the authentication challenge required for access. Normally we would just give the user access to their files when logged in locally. If the user suddenly changes geographic location, we’re going to require multifactor authentication before granting access to the files.

We track things like impossible travel. If a user was in Seattle an hour ago and suddenly tries to log in from Dubai, we’re going to require multifactor authentication for even basic access.

We also have controls based on the volume of access. If a user has only accessed two or three project files at a time, then suddenly begins downloading the whole project, we’re going to require additional authentication.
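The three signals described above (new location, impossible travel, volume spike) can be combined into one step-up decision. The sketch below is an added example, not DeSeMa's code; the `Login` record, the function names, the 900 km/h speed ceiling, the 100 km "same place" radius and the 5x volume factor are all assumptions chosen for illustration, and the login history is constructed sample data.

```python
import math
from dataclasses import dataclass

MAX_KMH = 900.0        # assumed ceiling: roughly airliner cruise speed
VOLUME_FACTOR = 5      # assumed: flag sessions above 5x the user's usual file count

@dataclass
class Login:
    user: str
    hours: float       # event time, in hours since an arbitrary epoch
    lat: float
    lon: float
    files: int         # files requested in this session

def km_between(a, b):
    """Great-circle (haversine) distance in km between two Login locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def step_up_reasons(history, current, home_radius_km=100.0):
    """Return the reasons (possibly none) to require MFA for `current`."""
    if not history:
        return ["no_baseline"]          # nothing to compare against: challenge
    reasons = []
    last = history[-1]
    dist = km_between(last, current)
    elapsed = max(current.hours - last.hours, 1e-6)   # avoid division by zero
    # Impossible travel: the implied speed since the last login is not achievable.
    if dist > home_radius_km and dist / elapsed > MAX_KMH:
        reasons.append("impossible_travel")
    # New location: nowhere near any place this user has logged in from before.
    if all(km_between(h, current) > home_radius_km for h in history):
        reasons.append("new_location")
    # Volume spike: far more files than the largest session in the baseline.
    usual = max(h.files for h in history)
    if current.files > VOLUME_FACTOR * max(usual, 1):
        reasons.append("volume_spike")
    return reasons

# Constructed sample data: six weeks of daily Seattle logins, 2-3 files each.
SEATTLE = (47.61, -122.33)
DUBAI = (25.20, 55.27)
HISTORY = [Login("alice", d * 24.0, *SEATTLE, 2 + d % 2) for d in range(42)]
```

An empty result means the existing session can continue; any non-empty result is the point at which the multifactor challenge would be issued.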

Using Granular Authentication Controls

When we make these authentication challenges, we expire any existing tokens. There’s a hacking technique in which an attacker steals a previously authenticated token and tricks the system into accepting it, bypassing the authentication method. Automatically expiring existing tokens forces re-authentication.

However, we also use intelligent controls over authentication so that it won’t hinder productivity. If a user is signed in with multiple devices and is challenged on one of them, we won’t expire the tokens on all the devices unless the user fails the challenge.

One failed attempt will not be considered a total failure on that authentication. But if a user fails re-authentication after multiple attempts, and leaves the device in a failed state, we consider it breached. The user will be denied access on all devices.

How DeSeMa Can Help

There’s really no reason for sensitive data to walk out the door on thumb drives, sit unprotected on consumer-grade cloud storage or be exposed on social media sites. A robust DLP solution with granular controls can prevent all these scenarios without hindering productivity. Contact DeSeMa to discuss our fully managed endpoint services and learn how we can prevent the leakage and exposure of sensitive information.
