InfoSec-Specific Executive Development for
CISOs and Aspiring Security Leaders.
Live Faculty-led instruction and interactive
labs to build you and your team's InfoSec skills
Data loss prevention (DLP) helps organizations address the risk of malicious or accidental data leaks. This piece explains how spending time understanding business drivers and the process behind the tools can help deliver more value from these solutions.
Successful DLP programs start with a lot of upfront planning. DLP can introduce some friction for business users, so your strategy should be to engage stakeholders right from the beginning to ensure everyone understands and supports the objectives of
the program and that expectations are set appropriately – especially with senior executives and business leaders. While there are numerous considerations when preparing for a DLP deployment, it is important not to overlook the following areas:
DLP tools generate many alerts that need attention. It helps to plan your response strategy well in advance of deploying software. Many organizations assume the security team will respond to all events. But an email event that triggers from a rule looking
for credit card numbers might indicate theft of data just as easily as it might be a legitimate business transaction over an insecure communications channel. Engaging privacy, compliance or even employee managers is a best practice for distinguishing
between poor business practices and malicious intent.
We also recommend visiting all software-based response options and automating them wherever possible. Most DLP tools can either block, force encryption, alert or quarantine sensitive data. Think about which scenarios will require human intervention and
which ones could be automated. DLP as a managed service (offered by Digital Guardian and others) could also be an attractive option for resource-constrained organizations.
DLP solutions generally take one of two approaches:
Choosing the right solution depends on your company’s requirements and what products might already be in place. For example, if your needs are relatively simple and McAfee is your desktop anti-malware solution, it wouldn’t make sense to deploy
Symantec Broadcom just for its DLP capabilities.
If you are primarily in the cloud, DLP is typically addressed with a cloud access security broker (CASB). Some key DLP vendors in this space include:
Understanding your requirements up-front will make product selection much easier. If you already have Microsoft E5 licensing and your needs are relatively straightforward, the Microsoft Information Protection toolset could be sufficient.
We recommend taking a phased approach with DLP deployments. Start with some simple objectives to prove the tools and the processes. For example, create an alert that triggers on a certain threshold of instances of credit card data in North America or
select a single business unit to monitor. The objective is to make sure the team responding to DLP alerts can handle the event volume and there are not too many false positives.
DLP programs take some time to add real value beyond basic blocking. Putting time into understanding business requirements and event response processes will ensure you’re getting the most value out of your investment. Remember:
When it comes to DLP deployments, start small, engage stakeholders and plan your processes in detail. Don’t just focus on products.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
January 20, 2022
By IANS Faculty
How sound is your data governance program? It all starts with the basics. Learn how to establish a solid foundation for your data governance program.
January 18, 2022
Learn how to put a workable data management and governance process in place.
January 13, 2022
Understand how the three lines of defense work and learn how to apply it properly inside your organization.