DATA LOSS PROTECTION SYSTEM OVERVIEW

© JointAction Group Pty Ltd 2023
DLP Systems Overview Rev 1 
August 2023


Introduction

As JointAction Group is a company leveraging Google Cloud Services, the security, integrity, and availability of our data is of paramount importance. The purpose of this document is to provide an overview of the Data Loss Protection (DLP) system that we have implemented to mitigate the risks associated with data loss and unauthorised data access. 


Objective 

To ensure the complete protection of sensitive and critical data that is stored, processed, or transmited within our organisation or through Google Cloud Services. Our DLP system aims to prevent data breaches, data exfiltration, and unauthorised data modification or deletion. 


Scope 

This DLP system covers:

  • Data at rest in Google Cloud Storage, Firestore and BigQuery

  • Data in transit to and from Google Cloud services

  • Data being processed by Google Compute Engine, Google Kubernetes Engine, or Cloud Functions 


DLP System Components 

Access Controls 
IAM roles and permissions are strictly defined to ensure that only authorized personnel have access to sensitive data. We utilize Google's pre-defined roles and also custom roles to restrict access at a granular level. 

Encryption 
Data At Rest: All sensitive data stored in Google Cloud Storage, Firestore and BigQuery is encrypted using Google’s encryption algorithms. 

Data In Transit: TLS is enabled for all data that is transmited to and from Google Cloud services. 

Backup and Redundancy 
Data is backed up regularly in geographically distributed Google Cloud Storage buckets to ensure high availability and disaster recovery. 

Monitoring and Auditing 
We utilise Google Cloud Monitoring and Google Cloud Audit Logs to constantly monitor data access and system events. Alerts are set up to notify the admin team of any suspicious activity. 

Endpoint Security 
We employ endpoint security solutions to ensure that data accessed from remote locations or personal devices complies with our DLP policies. 


Data Classification and Policy Enforcement 

Data is classified into the following categories: 

  • Public 

  • Internal 

  • Confidential 

DLP policies are enforced according to the data classification. For example, "Confidential" data can only be accessed by senior management and specific members of the tech team and is subject to multi-factor authentication. 

Incident Response 
In the event of a suspected or confirmed data loss incident, our incident response team will follow a pre-defined set of procedures for containment, eradication, recovery, and lessons learned, which are outlined in our Incident Response Plan. 

Compliance 
Our DLP system is designed to comply with GDPR, CCPA, and other relevant data protection regulations. 

Monitoring and Review 
This DLP system is subject to regular reviews, including penetration testing and compliance audits. Any changes or updates will be documented and communicated to all stakeholders. 

Conclusion 
Our DLP system is a comprehensive solution aimed at safeguarding our organization's sensitive data within Google Cloud Services. With the proper implementation of access controls, encryption, and monitoring tools, we aim to prevent data loss and unauthorised data access. 

This document is a living resource and will be updated as necessary to reflect changes in technology, compliance requirements, or threat landscapes.