Data Loss Prevention Consultant: A Career With Unlimited Potential

The past three years have flown by and I cannot believe where we are now when it comes to Data Loss Prevention (DLP).

First a bit of background – I am the Principal Consultant for security at Insentra. I have been working as a Symantec consultant for ten years of which six have been at Insentra. My goal has always been to be a subject matter expert in security with a particular prowess across the suite of Symantec technologies. Most of my project work consists of Symantec Data Loss Prevention and Symantec Endpoint Protection implementations across Australia and New Zealand. I also work with an exciting array of other technologies such as encryption, two factor authentication, identity management, data classification and tagging.

Three years ago I started to investigate DLP even though at the time there wasn’t a lot of ‘opportunity’ or ‘interest’; I knew in the future it would be a high growth area so I pursued  the Symantec Data Loss Prevention certification. The certification was challenging given the size of the  Symantec DLP solution and its flexibility. When I received my certification I was pleased with my success. But that was just the beginning…

Slowly DLP opportunities started rolling in. Small ones with around 100 users and only a few detection technologies deployed. I found these to be the most valuable projects as they provided a solid foundation on which to build a DLP practice and provided a deeper understanding of the complexity organisations face when managing and protecting their data.

WHAT PEOPLE FORGET

Over the past three years the projects have grown in complexity and size. The last project completed was to build a DLP infrastructure to scan 28TB of data for a financial services organisation. It consisted of twenty-six servers and was focused on first finding existing Payment Card Industry (PCI)  data on both file shares and in Exchange, and then to continually monitor for PCI violations on endpoints. One of the important things that people seem to forget is how many millions of files and tens or hundreds of thousands of folders exist in 28TB of data. The DLP servers were integrated with optical character recognition (OCR) servers giving the system the ability to do scan image files as well as text files. Correctly sizing an infrastructure like this is paramount to get the best bang for your customer’s buck.

From a technology perspective the solutions are becoming more powerful and complex. DLP is moving beyond “data loss prevention”. It is a platform that can be used to find, classify, tag and encrypt data. The sky is the limit for consultants who want to do a lot of reading and travelling!

For those of us who are techies, we love technology because of the cool stuff it can do and how it can solve business problems. However, unless there is a customer who recognises they have a problem and wants to buy what you are doing you do not get paid. What I want to focus on next is the “why” of DLP. Why are our customers wanting our services?

WHY DEPLOY DLP

In my experience, there are four key reasons that our customers want to deploy a DLP solution:

PCI Compliance

The most common reason Insentra is engaged to assist customers with DLP is for PCI compliance[1]. The PCI standard is there to protect payment card information such as credit card numbers, CCV numbers and magnetic stripe information.

The majority of companies we have assisted are financial services companies. However, the scope of the PCI standard covers all merchants who use payment cards. PCI compliance can be a challenge because credit card numbers (CCNs) can contaminate data repositories. There may be CCNs in email stores, file stores, databases and backups. Below is a sample of questions that must be addressed when doing an DLP for PCI project:

  1. How do you find CCNs in the environment?
  2. What strategy do you use to remove the CCNs?
  3. How do you prevent the re-contamination of the environment with PCI data?

In organisations with thousands of users and terabytes of storage, PCI compliance requires people who understand data and a tool to identify and manage incidents.

General Data Protection Regulation (GDPR)

GDPR was approved by the General Council in April 2016 and came into effect this May (2018), with the intent to protect personal information for people who live in the European Union (EU). Under the GDPR, Companies must protect all information that can be used to identify a person such as name, address, phone number, social media posts and IP address.

Furthermore, the scope of GDPR is global. If a company is found guilty of violating the GDPR regulation they could be fined a maximum of 4% of their annual global turnover or 20 million Euros[2].

Under the regulation EU residents have the following rights:

  • Breach Notification
  • Right to Access
  • Right to be Forgotten
  • Data Portability

Who cares? The regulations are for the EU, right? Wrong! These regulations affect businesses globally. Therefore, if you are outside of the EU but have EU citizen data, your organisation is also bound by GDPR.

Australian Prudential Regulation Authority (APRA)

APRA covers deposit taking organisations such as banks, credit unions and insurance companies[3].

Some of the smaller financial services industry clients we have worked with have been subject to APRA audits which discovered the lack of a DLP capability. As a result, I was engaged to:

  • Assist the business identify data repositories
  • Identify data owners
  • Deploy a DLP infrastructure
  • Develop an incident response strategy

It is not uncommon to include PCI discovery with this piece of work like this.

Notifiable Data Breaches Scheme  

The Notifiable Data Breaches scheme is Australian legislation driving more companies to adopt a data loss prevention strategy[4]. The scheme came into effect 22 February 2018 and mandates Australian organisations with obligations under the Australian Privacy Act 1988, to notify a person if there is a breach of their personal information where that breach is likely to result in serious harm. This includes organisations such as:

  • Australian Government agencies
  • Businesses and not-for-profit organisations with an annual turnover of $3 million or more
  • Credit reporting bodies
  • Health service providers
  • Tax File Number recipients

When a breach occurs, the organisation must act.  When an eligible (serious) breach has occurred, the breach must be investigated to determine the severity and must promptly notify any individuals at risk of serious harm as well as notify the Privacy Commissioner in accordance with the notification requirements.

According to zdnet.com, 31 notifications were made to the Office of the Australian Information Commissioner (OAIC) in the first month since the scheme has been in operation. How many of these events could have been prevented if the organisations had personnel trained in the prevention of data loss and a tool such as Symantec Data Loss Prevention?

SUMMARY

I have provided a quick summary about why I got involved with data loss prevention and the drivers that are causing the opportunities to grow. As a DLP consultant, I am assisting my customers protect their most important asset, their information. I would encourage anyone who enjoys working with business processes as much as they enjoy working with technology to investigate a career in data loss prevention. This is just early days and the opportunities are endless.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

[Secure Workplace]

Enabling DLP Within an Organisation

I have been working with Symantec Data Loss Prevention (DLP) ever since Symantec acquired Vontu. This technology has evolved a lot over time, but there is a lot more beyond.

[Secure Workplace]

Recovering from a Failed Audit and Preparing for Re-audit

By [Lee Foster]

If we are to accept the now common statement “Information is your most valuable asset” then it is fair to say this information must be protected and have controlled access.

[Secure Workplace]

Did I Hear You Correctly? You Can Add Web Proxy Functionality To The Symantec Endpoint Protection Using Symantec Web Security Service?

By [Ronnie Altit]

One of the strengths of Symantec Endpoint Protection (SEP) has been the simplicity of the SEP client. Since Version 11, the SEP client has provided antivirus, firewall, intrusion prevention, application and device control, application whitelisting and more.