Protection of confidential information: Data Leakage Prevention (DLP) technology in the service of information security
Keywords: Information; DLP; Data loss prevention; Data loss; Confidentiality; Privacy; Leakage; Security
Information and data leakage pose a serious threat to companies and organizations as the number of leakage incidents and the cost they inflict continue to increase. Whether caused by malicious intent or by an inadvertent mistake, data loss can diminish a company’s brand, reduce shareholder value, and damage the company’s goodwill and reputation. Data Loss Prevention (DLP) has been studied both in academic research areas and in practical application domains. A data loss prevention solution is a system designed to detect potential data breach or data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in use (endpoint actions), in motion (network traffic), and at rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or by inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property, financial or patient information, credit-card data, and other information depending on the business and the industry. The terms "data loss" and "data leak" are closely related and are often used interchangeably, though they are somewhat different. Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party. This thesis provides a structural and comprehensive overview of current research and practical solutions in the DLP area. Existing solutions have been grouped into different categories based on a taxonomy described in the book. The taxonomy presented characterizes DLP solutions according to various aspects such as leakage source, data state, leakage channel, deployment scheme, prevention and detection approaches, and action taken upon leakage.
In the commercial section, solutions offered by the leading DLP market players are reviewed based on professional research reports and material obtained from vendor Web sites. In the academic section, available academic studies have been clustered into various categories according to the nature of the leakage and the protection provided. Next, the main data leakage scenarios are described, each with the most relevant and applicable solution or approach that will reduce the likelihood or impact of data leakage. In addition, several case studies of data leakage and data misuse are presented. Finally, the related research areas of privacy, data anonymization, and employee training, as well as the general characteristics of an effective DLP system, are discussed.