Developers' Guide to Data Loss Prevention: Best Practices and Strategies

What Does Data Loss Prevention Do?

Throughout 2023, a private research university discovered multiple breaches of its data. In August 2023, an American educational technology company found that millions of its users’ email addresses had been scrapped. In early October 2023, a genetic testing company had about one million fields of user data stolen. 

We don’t know if data loss prevention (DLP) technology played a part in the discovery of the activity involved in these and other breaches, but these breaches highlight the vital importance of knowing where data goes, when — all those W questions. 

To DLP or Not to DLP

Data loss — whether intentional or accidental — can have far-reaching consequences for companies. In recent news, a password manager company is facing reputational loss. In an attempt to repair the loss, according to a spokesperson, since the breach, "The company also invested in a secure access service edge (SASE) deployment and improved logs and alerts in its security orchestration, automation and response (SOAR) platform.” 

There are two sides to the coin: It's great that the company is improving its system! But onlookers have to wonder if it would have been better — especially given the nature of the company — to put the investment up front.

The ability for companies to truly know what all goes on with their data helps alleviate the feeling that many consumers have about the typical apology, as in: "Oops, we’ve been hacked and unfortunately the cyber thieves now have your personal details. Sorry about that.”

Consequences

Here are a couple of areas and several specifics where consequences of data loss truly matter:

Consequences for Individuals

• Financial loss: Data breaches can lead to unauthorized access to accounts, resulting in lost monies.
• Identity theft: Criminal hackers can use exposed sensitive information to steal someone's identity, causing long-term financial and personal damage.
• Damage to credit score: Identity theft and fraudulent activities can negatively impact an individual's credit score.
• Loss of trust: Individuals may lose trust in the company or organization that experienced the data breach, affecting their willingness to provide further personal information.

Consequences for Businesses

• Financial impact: The cost of a data breach can be substantial, including expenses for forensic investigations, legal fees, and compensation to affected individuals.
• Lost intellectual property: Data breaches can result in the theft of valuable intellectual property.
• Compliance and legal consequences: Companies may face legal and regulatory penalties for failing to protect sensitive information.

The Benefits of Implementing DLP Best Practices

The breaches, activities, and consequences above are just samples of the many reasons for companies to provide their developers the right investment in setting up a proper ecosystem to protect company technology and data.

Where’s the magic “Book of Best Practices?”

There is no single source of truth, of course. But there are lists upon lists available, and I’m here to provide one more. And this is primarily a list — adding detailed guidance would go beyond the scope of this article. But I hope what’s presented reinforces the concepts that a) there’s a common thread through all the ethereal ink spilled over the subject, and b) breaches occur most often when these best practices are overlooked (and, yes, these foundational practices in toto are not easy — listing is simple, but implementing is another story).

Data Classification and Labeling

Developers typically aren’t involved in data classification, but are directly involved in ensuring the classifications and the accompanying protections are followed. And following the classification schema is of paramount importance when it comes to remaining compliant with regulations and compliance requirements.

Data Inventory and Mapping

Create a comprehensive inventory of all data assets, identify where sensitive data is stored, including on-premises and in the cloud, and develop data flow diagrams to track how data moves within and outside the organization.

Access Control and User Permissions

Wherever possible, implement role-based access control (RBAC) to restrict data access, enforce the principle of least privilege (employees should only have access to the data they need to perform their job), monitor and audit user activities to detect unauthorized access, and enforce MFA.

Encryption

Use strong encryption protocols and key management practices, and implement end-to-end encryption for communication and collaboration tools.

Data Loss Prevention Tools

Deploy DLP solutions and tools to monitor and protect data, configure DLP policies to detect and prevent unauthorized data transfers, and set up alerts and notifications for potential security incidents.

An important aspect of DLP is data lineage, which “entails being able to see in real-time the actions being taken against sensitive data at a granular level.” These real-time insights are crucial for data protection.

Incident Response Plan

Create an incident response plan that outlines how to handle data breaches, establish a breach notification procedure to inform affected parties,  and test the incident response plan through simulations and drills.

A recent good example of attending to alerts/incident response:

In September 2023, 1Password — after the Okta breach — said “…they received an email indicating that they had ordered a report including a list of all 1Password admins. Knowing they didn't order this report, the company's incident response team was quickly engaged. They found a suspicious IP address and later realized the unknown attacker accessed the company's Okta instance with admin privileges." 

Additionally, "Immediately following the suspicious activity, 1Password said, it changed all of the IT team members' passwords, restricted their multifactor authentication capabilities to a Yubikey, and locked down their Okta accounts in multiple ways." 

One of the most important policies, procedures, and tasks to ensure work well is the incident response process.

Continuous Monitoring and Auditing

Regularly monitor and audit data access and usage and use behavioral analytics to detect unusual or suspicious activities.

Regular Updates and Improvement

Continuously update DLP policies and technologies to adapt to changing threats.

Data Governance

Data governance (perhaps this should come first!) takes research (initial duty of care), stewardship (ongoing due diligence), and governance (continuous monitoring). Establish a strong data governance framework to ensure data is managed effectively and securely. This is another area where developers typically don’t have direct input but will be directly involved in ensuring its implementation.

The Data Life Is a Busy One

Processing, analyzing, and securing data is more than a full-time job, much more detailed than what any group can do themselves. But with the right people, technology, and processes, it becomes possible to develop a secure, dependable, and user-friendly application, while maintaining quality, ones’ sanity, and trust in the product.