Data leakage prevention plan

Background:

With the rapid development of computer and network technology, more and more enterprises rely on the power of informatization to carry out business and expand markets. Therefore, a large amount of data is stored in computers and network storage devices. In the context of big data, data is equivalent to the lifeline of enterprises, and its value is immeasurable. Therefore, many criminals are considering using data to exchange for money, and data security is facing threats from various aspects. In recent years, data breaches have occurred frequently. Data leakage incidents are generally caused by internal employee leaks or external attacks. External attacks such as Trojans, crawlers, ransomware, etc., while internal attacks are diverse, such as business personnel stealing data for profit, operations personnel destroying data to vent their anger, and internal employees leaking data without their knowledge. According to the 2020 Data Breach Investigation Report (DBIR) released by American telecommunications giant Verizon, which involved research from 81 countries, 55% of data breaches involved organized crime, and 30% of data security incidents originated from within the company. After conducting an in-depth analysis of data breaches in over 500 organizations worldwide, IBM Security has released the "2020 Data Breach Cost Report," which shows that the average cost of a data breach to businesses and organizations is $3.86 million. The annual survey results from Ponemon Institute, a leading international privacy and information management research organization, show that the mastermind behind information leakage incidents is no longer simply network hackers and malicious programs, but more data.
Information is leaked or stolen by internal employees of enterprises and institutions. Compared to traditional external theft, this malicious leakage from within is more targeted and covert, causing greater losses to the enterprise. Therefore, it is urgent for enterprises to adopt data leakage prevention measures to protect data security.

Policy:

In recent years, the country has issued multiple regulations and policies related to data leakage prevention, guiding enterprises to attach importance to their data assets. The Data Security Law of the People's Republic of China states that data processing includes the collection, storage, use, processing, transmission, provision, and disclosure of data. Data leakage protection runs through the entire lifecycle of data. Article 29 stipulates that risk monitoring should be strengthened when carrying out data processing activities, and remedial measures should be taken immediately when risks such as data security defects and vulnerabilities are discovered; When a data security incident occurs, a controllable interconnected world should be immediately constructed and disposal measures should be taken. Users should be informed in a timely manner according to regulations and reported to relevant regulatory authorities. Violating the Data Security Law and causing losses to others will result in civil or criminal liability. Equal protection 2.0 Level III equal protection (i.e., supervision protection level, applicable to the internal information systems of state organs, enterprises and institutions above the prefecture level, such as office systems and management systems involving work secrets, trade secrets and sensitive information) points out that it should be able to conduct independent behavior audit and data analysis on user behaviors of remote access and Internet access; The granularity of access control should reach the level where the subject is at the user or process level, and the object is at the file or database table level; Special departments or personnel should be designated to analyze and compile logs, monitoring, and alarm data, in order to promptly identify potential behaviors. In addition, regulations and policy documents such as the Personal Information Protection Law of the People's Republic of China, the Guidelines for Data Governance of Banking and Financial Institutions, and the Guidelines for Health and Medical Information Security all provide guidance on data leakage prevention and governance.
1. Definition and Discovery
Support defining data sensitivity based on data sources and document content, and achieving intelligent classification, grading, and visualization of terminal data through recognition of document formats and perception of document content.
2. Control and Protection
Through functions and technologies such as external channel control, access permission control, file encryption and decryption, secure computing environment isolation, data security flow, behavior auditing and tracing, we aim to create a comprehensive data security protection and information diffusion prevention system.
3. Collaboration and linkage
Collaborate with the secure data shuttle system to achieve secure data flow between different users across or within the network, and achieve resource access control through collaboration with the admission control system.
4. Complete functionality, mature solution, and large-scale application
Complete functionality: from admission control to terminal control, from content recognition to data protection, from behavior analysis to leak warning, from network to terminal, from application to content, from known risk control to unknown threat discovery;
Stable and easy to deploy: does not stain files, does not modify business systems, does not affect application access speed, builds a controllable interconnected world without specifying file system types or application versions;
Large scale application: Data protection solutions have been widely promoted in industries such as banking, securities, manufacturing, logistics and transportation, government, energy, and electricity.
5. Driven by scenarios, maximize business efficiency by providing various technical means and solutions for different types of users, data types, and usage environments to choose from, achieving the best balance between security protection and business efficiency.
6. Built in big data engine to ensure audit traceability effect. The big data engine supports parallel computing and horizontal linear expansion, realizing high-speed storage, calculation, and analysis of massive audit data.
7. Data diffusion prevention
The 'Information Nonproliferation Solution' can effectively solve the problem of diffusion of enterprise documents during the circulation process. The plan includes:
a) Multiple watermark generation schemes including plaintext, QR code, image, vector (invisible watermark), etc;
b) Different types of watermark effects can be automatically generated based on device and user information;
c) The different types of watermarks mentioned above can be triggered and loaded onto the device screen and printed copies based on the business system and file sensitivity level;
d) Employees can upload, publish, share, and outsource corporate documents through web pages, and administrators can exercise permission control and develop watermark schemes for these behaviors;
e) By integrating the enterprise business system with the DLP watermark server, the different types of watermarks mentioned above can be embedded into the business system pages and documents downloaded from the business system;
f) Triggered loading: Watermarks are only loaded when accessing critical business systems, editing important documents, or opening specified applications, and the impact of watermarks is minimized to the greatest extent possible.