Critical Data Defense: Records Protected by DLP (Data Loss Prevention)
Data Protection in All States
Data must be protected in all states: in use, in motion, and at rest. Data in use is data that is actively being accessed, processed, or updated. Data in motion is data that is being transmitted from one source to another. Data at rest includes any data that is stored and not actively being transmitted from one source to another.
Data Loss Prevention
HealthEdge understands how critical it is to protect data, in all states, with a layered security strategy. As part of this strategy, we deploy Data Loss Prevention, or DLP, tools that monitor sensitive data and alert our security operations team to any potential findings. We also implement continuous training for everyone on the HealthEdge team. DLP ensures sensitive data is not exfiltrated from managed to unmanaged sources, such as transferring data from our corporate cloud storage to personal storage and/or a personal device. DLP policy configurations are designed to discover and protect data in real time on the corporate network, on endpoints, and in the cloud.
- Protecting the Network – DLP monitors data in all states on the corporate network and prevents data from being transmitted internally if it violates any HealthEdge information security policy.
- Hardening Endpoints – DLP monitors company endpoints and prevents data misuse and loss from endpoints both on and off the corporate network, including web traffic or email usage.
- Securing the Cloud – DLP monitors data on authorized cloud applications and prevents unauthorized and insecure data transmission and unauthorized access.
Security Information and Event Management and User Behavior Analytics
Security information and event management, or SIEM, collects logs and events from the HealthEdge environment. This capability allows our security operations team to analyze threats that have been identified by correlating data from different log sources. “Normal” behavior, such as where a user authenticates from and accesses data, is used to establish baselines. If the logs indicate a change in the baseline, an alert will trigger, and our security team will investigate further. This process is known as user behavior analytics, or UBA.
Log and event correlation can detect changes in access, authentication, or accounts. If a user attempts to access sensitive data using an unauthorized account, such as an employee account versus an administrative account, an alert will trigger additional analysis. If a user attempts to override established privileges, access will be blocked, and the attempt will be recorded in the user logs. Users are assigned risk scores based on role and privilege. When users attempt unauthorized access, even if blocked, the user’s risk score will increase. The greater the risk score, the greater the monitoring.
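The baseline and risk-score flow described in the two paragraphs above, as an added illustration that is not HealthEdge's code or tooling. The event fields, role weights, penalties and tier thresholds are all assumptions, and the events are constructed samples.

```python
from collections import defaultdict

# Assumed numbers: the text gives the scoring rules but no values.
ROLE_BASE = {"employee": 10, "administrator": 30}
PENALTY = {"off_baseline_auth": 15, "blocked_access": 25}
TIERS = [(50, "enhanced"), (25, "elevated"), (0, "standard")]  # (floor, tier)

ROLES = {"alice": "employee", "bob": "administrator", "carol": "employee"}
# Constructed sample events (not real logs).
HISTORY = [
    {"user": "alice", "type": "auth", "source": "office-lan"},
    {"user": "alice", "type": "auth", "source": "corp-vpn"},
    {"user": "bob", "type": "auth", "source": "office-lan"},
    {"user": "carol", "type": "auth", "source": "corp-vpn"},
]
TODAY = [
    {"user": "alice", "type": "auth", "source": "unknown-isp"},
    {"user": "alice", "type": "data_access", "resource": "claims-db", "outcome": "blocked"},
    {"user": "bob", "type": "auth", "source": "office-lan"},
]

def build_baseline(events):
    """Record the sources each user normally authenticates from."""
    baseline = defaultdict(set)
    for e in events:
        if e["type"] == "auth":
            baseline[e["user"]].add(e["source"])
    return baseline

def score_events(events, baseline, roles):
    """Return (risk scores, alerts) after correlating events with the baseline."""
    scores = {user: ROLE_BASE[role] for user, role in roles.items()}
    alerts = []
    for e in events:
        user = e["user"]
        scores.setdefault(user, ROLE_BASE["employee"])  # unseen user: assume lowest role
        if e["type"] == "auth" and e["source"] not in baseline.get(user, set()):
            scores[user] += PENALTY["off_baseline_auth"]
            alerts.append((user, "auth outside baseline", e["source"]))
        elif e["type"] == "data_access" and e.get("outcome") == "blocked":
            scores[user] += PENALTY["blocked_access"]  # blocked attempts still count
            alerts.append((user, "blocked access attempt", e["resource"]))
    return scores, alerts

def monitoring_tier(score):
    """Map a risk score to a monitoring level: higher score, more monitoring."""
    return next(tier for floor, tier in TIERS if score >= floor)

if __name__ == "__main__":
    print(score_events(TODAY, build_baseline(HISTORY), ROLES))
```

With the sample events, the employee who signs in from an unfamiliar source and then hits a blocked resource ends the day above the administrator's starting score, which is the escalation the text describes.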
User Education and Awareness
The security operations team uses a hands-on approach, ensuring users with an increase in risk are aware of their responsibilities to be good stewards of data. Humans make mistakes, and the tools we deploy to prevent data loss work in conjunction with good cyber hygiene. In addition to notifications letting the user know the access or transmission has been blocked, security operations will reach out to the user directly to review information security policy requirements and answer any questions they may have regarding DLP. Security education and awareness is a continuous process, and the HealthEdge team is the first line of defense when protecting data.