Data of CENTROPOL ENERGY customers and employees is safe thanks to the DLP system

The energy market and its environment in the Czech Republic in 2002 was significantly affected by its liberalisation. Immediately after this significant legislative change, CENTROPOL ENERGY entered this area of business as one of the few companies. Since 2006 it has been a stable supplier of electricity and a year later it also started supplying gas. Today, the company is trusted by roughly 300,000 clients, and new clients are being added all the time. However, in order to prevent clients and customers from being exposed to the growing trend of cyber threats, it was necessary to respond to this situation with security measures, of which we were a part.

CENTROPOL ENERGY has a long-standing and systematic commitment to improving cybersecurity. One of the goals in this area has been to maximise the protection of data from intentional or unintentional loss. Data loss or compromise can occur in a variety of ways - via email, web, FTP, etc. The loss of confidential data can lead to significant financial losses, legal problems, theft of personal customer data and, last but not least, the loss of a company's reputation. It is for these reasons that the company decided to implement a DLP or data loss prevention system.

You can imagine DLP technology as an agent on client endpoints, servers, network infrastructure or cloud services. These agents control the handling of sensitive (classified) data by the user on the endpoint, databases, file servers, network traffic, or cloud services. The deployment of DLP will then allow, among other things, to comply with some of the GDPR requirements under the EU regulation.

The basis of DLP is the classification of sensitive data. Classification can be performed using different methods. In content-based data classification, the DLP agent searches for sensitive data in a document as the user works. Next is contextual data classification, which, regardless of content, indicates data types, size or location to fingerprint methods or machine learning. The correct choice of classification method, the piecing together of different classifiers in classification rules, the definition of thresholds or exceptions then creates a complex classification scheme that allows for very accurate detection of corporate data that needs to be protected.

Applications in the company
At CENTROPOL ENERGY, we have a data classification set up along the following lines. The classification covers all sensitive data of the company, both in terms of data content classification and data context classification. Both sensitive company data and certain types of files, including encrypted data, are monitored. Rules are set to detect sensitive company data as accurately as possible. This is done both by building different classifiers within the rule and by using thresholds to trigger the classification.

The DLP policy then determines how data leaving the user's computer will be treated. Sensitive data is monitored, sanitized and possibly blocked through the various communication channels. We handle this based on the user's affiliation in the workgroup, the method of communication, or the sensitivity of the data. We monitor and protect all available communication channels, starting with email, uploads to web portals, storage on USB drives, printing, IM systems, cloud services or FTP data transfer and print screen. You can always choose how the DLP agent treats certain types of data and communication channels. Internal communication is usually monitored. Sensitive data that leaves the company is already subject to more control. For some, a warning is set and a justification is requested as to why sensitive data is sent by authorized users. This method very significantly reduces data leakage from the company without the need for blocking - the user knows that his activity is being monitored and bears full responsibility.

DLP as a silent agent
It is necessary to add here that the DLP system does not restrict the user in his work, whether it is creating documents, editing or deleting them, or exchanging data between co-workers or partners, but protects the data in case of their unwanted sending outside the company, whether wanted or unwanted, caused for example by user error.

Deploying DLP is not a simple process and requires both knowledge of the environment of the data to be protected and knowledge of the DLP technology to be deployed. That is why we chose a technology partner for the deployment and subsequent maintenance of the DLP system, which, based on the company's requirements, was able to deploy the DLP system with the greatest possible accuracy and maintain it during the changes that occur from time to time in any company - new types of data, new technologies or new ways of communication. If you are interested in DLP technology, find out more in this product fact sheet.