Data Loss Prevention
Data loss prevention (DLP) solutions offer various methods to monitor and protect confidential information. Typically, these solutions
validate and confirm applications before allowing data transfer. Data use and network traffic are usually monitored, and
restrictions can be applied to users, such as prohibiting copy and paste operations or the ability to take screenshots. Content-aware DLP
can typically apply a policy dynamically; for example, reporting, tagging, logging and applying rights management protections can be done
on the fly. Requirements for maintaining content-aware DLP vary significantly between vendors, with many enterprises still struggling
to define their policies clearly and comprehensively. Broadly speaking, DLP technologies can be defined as systems that perform deep
content inspection of data at rest or in motion, with the ability to perform some level of remedial action. Detection techniques must be
sophisticated and extend beyond simple keyword matching to methods such as partial and exact document matching, data fingerprinting, lexicon
analysis and machine learning.
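The exact matching, partial matching and fingerprinting techniques named above can be sketched as follows, next to the keyword check they improve on. This is an added example, not code from the original report; the shingle size, threshold, keyword list and sample texts are constructed assumptions.

```python
import hashlib
import re

K = 5              # words per shingle (assumed tuning value)
THRESHOLD = 0.30   # share of a protected document that must reappear (assumed)
KEYWORDS = ("confidential", "project falcon")  # constructed keyword list

def words(text):
    # Normalise case and punctuation so reformatting does not evade matching.
    return re.findall(r"[a-z0-9]+", text.lower())

def digest(tokens):
    return hashlib.sha256(" ".join(tokens).encode()).hexdigest()

def shingles(text, k=K):
    # Fingerprint = truncated hashes of every k-word window in the text.
    w = words(text)
    return {digest(w[i:i + k])[:16] for i in range(len(w) - k + 1)}

def keyword_hit(text):
    return any(k in text.lower() for k in KEYWORDS)

class FingerprintIndex:
    def __init__(self):
        # name -> (whole-document hash, shingle set); the text is not stored.
        self.docs = {}

    def register(self, name, text):
        self.docs[name] = (digest(words(text)), shingles(text))

    def inspect(self, outbound):
        """Return (name, verdict, coverage) for each protected document hit."""
        whole, prints = digest(words(outbound)), shingles(outbound)
        hits = []
        for name, (doc_hash, doc_prints) in self.docs.items():
            if whole == doc_hash:
                hits.append((name, "exact", 1.0))
                continue
            coverage = len(doc_prints & prints) / max(len(doc_prints), 1)
            if coverage >= THRESHOLD:
                hits.append((name, "partial", round(coverage, 2)))
        return hits

# Constructed sample data: one protected document and two outbound messages.
PROTECTED = ("Project Falcon acquisition terms: the offer price is 42 dollars "
             "per share, payable in cash, subject to board approval on the "
             "ninth of March. Do not distribute outside the deal team.")
LEAK = ("hi Sam, fyi from the meeting - THE OFFER PRICE IS 42 DOLLARS PER "
        "SHARE; PAYABLE IN CASH, SUBJECT TO BOARD APPROVAL. see you friday")
BENIGN = "Lunch on friday? The price of the share bike is 42 dollars."

index = FingerprintIndex()
index.register("falcon-terms", PROTECTED)
```

The pasted excerpt in `LEAK` contains none of the keywords, yet it reproduces 11 of the protected document's 27 shingles and is reported as a partial match.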
Unlike basic security systems such as firewalls, anti-virus, access control and intrusion detection, DLP is specifically designed to tackle
data breach threats. These systems can be divided into two categories: content-based analysis and context-based analysis. A content-based approach inspects data with the aim of protecting information from being exposed in different states (at rest, in motion, in use); its
core use is to prevent accidental data loss. Context-based approaches mainly perform analysis of meta information or surrounding
data, monitoring and profiling the behaviour of regular users in order to identify intruders. Despite a large body of research on DLP,
preventing large-scale data breaches remains a serious problem.
The future of this technology still holds many opportunities. In the world of big data, where large volumes of information from
different sources are generated, machine learning and artificial intelligence techniques will be increasingly deployed. Such techniques
can highlight anomalies within applications and can be applied to both content and context analyses. As the algorithms used become
more advanced, they show promise in assessing and solving problems in complex scenarios.
A key factor for data protection in organisations is human behaviour. Individuals are ultimately responsible for maintaining regulations,
classifying data and adopting appropriate security measures. Institutions can try their best to force employees to comply with
strict regulations by using various control mechanisms, including monitoring and surveillance. However, this often proves ineffective, with
users sometimes intentionally leaking data through an ever-growing range of communication systems. Cooperation and agreement
from employees is fundamental to ensuring strong security practices.
Blockchain Solutions
So how does blockchain fit into the future of data security?
This technology can provide some unique solutions for ensuring individuals' data remains secure. As we have seen from recent leaks,
having millions of data points stored in a single location can serve as a significant incentive for determined individuals, state actors
and organised crime. With blockchain, it is possible to hand this control back to the owners of the data. Where traditionally services
use a top-down approach to identity verification and security authorisation, with blockchain it is possible to consider a bottom-up approach.
The basic idea is that a blockchain can ensure the validity of users based on public key cryptography and a consensus mechanism.
Compared to traditional identity management systems that use a centralised database, personal data would not leave your device and
can be requested by the service as and when needed. Data can only be transferred with your express consent via a smart contract. The
other party can only view information authorised by the individual, and the smart contract code is open for anybody to review. Your data
would never sit on the blockchain itself. Instead, the blockchain would provide a credential, a form of
digital ID that allows data to remain on your own system so that only your device can authorise access.
This can already be seen in a nationally deployed system in Estonia. Since 2013 the Estonian government has registered all citizen- and
business-related information on a distributed ledger with keyless signature infrastructure. Using a national ID, citizens can vote, bank,
view state records, file taxes, order prescriptions, submit planning applications and fulfil around 3000 other functions. Businesses can
issue shareholder documents, apply for licenses and file annual reports. Government officials use their ID to encrypt documents,
submit requests to law enforcement and approve various permits and applications, amongst many other things. Blockchain allows every
piece of data to be recorded with confidence that it is not being altered at a later date, providing proof of time, identity and authenticity.
Citizens can see exactly who reviewed their data, why and when, providing a welcome layer of transparency.
This possible future is quite exciting. Services like Storj offer decentralised cloud storage, where files are encrypted, split into pieces
and distributed across a global network. The World Economic Forum initiative ‘KTDI’ brings together individuals, governments, authorities
and travel services to enable cross-border travel without the need to present physical documents by leveraging blockchain. Companies
are placing blockchain wallets with cryptocurrencies on their servers as honeypots that they can monitor; once funds are removed, an
alert is triggered that the system has been compromised. Organisations such as the World Wide Web Consortium (W3C) are currently
working on concepts for decentralised identity standards. Such standards can allow for the linking of users with their associated data
without requiring central authorities, giving control back to users over their personal information and potentially mitigating the threats
posed by the large scale data breaches we see today. Blockchain makes it possible to obtain strong proof that a credential is genuine
without the need for users to upload sensitive documents to third-party services.
Post Quantum Cryptography
Significant advances are being made in the field of quantum computing. Much has been said about the potential of this novel type of
computer. If successfully deployed on a consumer scale, it threatens the underlying cryptographic standards we currently enjoy. The
aim of post-quantum cryptography is to ensure that new standards are developed to secure against both conventional computers and
the new breed of quantum-based machines.
Public key cryptography is a fundamental component of our digital infrastructure. It is used to secure our applications across the
internet, including the underlying encryption method used in blockchains. As early as 1994 it was shown that quantum computers
could efficiently break the underlying rules used in modern communication systems, from key exchange to encryption. In the following
20 years, quantum algorithm theory has developed significantly. How far the advantages of quantum computing can be pushed
compared to classical models is still not fully known. However, as the technology matures, researchers are already looking at ways to
ensure we can keep our core digital systems operational.
Blockchains that power technology such as Bitcoin typically use SHA-256 hashing for securing the chain. Although this is still a hot topic of
conversation, traditional hash functions are believed to be able to withstand quantum attacks. New hash functions have been
proposed by academics, and specific post-quantum initiatives have also been launched for the most popular blockchains. Bitcoin post-quantum uses a unique digital signature scheme and Ethereum has plans to include quantum-resistant components such as zk-STARKs.
Summary
As the world relies more heavily on interconnected services and applications, the potential erosion of privacy grows as personal
information collected by a myriad of organizations is routinely breached. Firmly in the midst of ‘the information age’, it is up to
citizens around the globe to decide how we progress and determine what protocols and standards will ultimately control the flow of
data.
From advanced machine learning algorithms to decentralized blockchain solutions, it can be hard for the average computer user to
make sense of all the different options available. The reality is that simple steps to protect ourselves are often the most effective.
When questioned, 55% of survey participants acknowledged that they use the same password across different accounts. Unique and
strong passwords are a basic security step that can seriously improve an individual’s safety when using the internet. Other helpful
requirements such as two-factor authentication drastically enhance access control measures; if your data is compromised, it adds a
layer of safety to your accounts. Fortunately, a big push by organizations to require such checks is reflected in the survey results: a
whopping 84% of respondents confirmed that they use two-factor authentication.
In the meantime, it is of paramount importance to keep applying pressure on the institutions that hold our data to adhere to strict
security regulations and practices. When breaches do occur, prompt remediation must be carried out and full disclosure
regarding the nature of data leaks should be the norm. Whether blockchain will usher in a new paradigm where users have more
granular control over access to their information is yet to be seen. It is, however, safe to say that it will be thoroughly exciting to
witness this technological space evolve. Let us hope that the direction taken is a positive one that prioritizes the protection of citizens'
data and their privacy.