Most technological concepts, especially in IT, leave you with your expectations crushed and fail to live up to the hype and the sheer excitement we usually see at the launch of a new technology. Beyond the marketing brouhaha and the shine of the brochures, there is usually nothing but disappointment when the time comes for the said technology to perform.
A GlassHouse Technologies research study[1] suggests that 57% of companies are worried about compliance regulations regarding data, and over 15% are worried about data loss and breaches.
Data Loss Prevention (DLP) promises data protection, recovery, ubiquitous content protection and much more. Does it live up to the hype? Does it deliver? Here are some lessons right from the trenches:
Best way to use DLP – progressive deployment in stages
It takes time to understand new technology, to implement it effectively, to set up workflows and align them with the technology, and to fine-tune business processes. The best way to implement DLP, then, is to roll it out in stages. Start with one component, business process, department, etc. and then spread it out to the rest of the organization. This will give you hands-on experience of how DLP works for your company. Monitor your deployment to reduce violation incidents and to prepare your company for better processes.
Dealing with Mistaken Content Identity
Deploying Data Loss Prevention has a sore point for most companies: dealing with false positives. Alerts trigger when data matches preset keywords, and on almost every other attempt to process 16-digit card numbers, for instance. Too many of these false positives and managing them is one step closer to hell. DLP has tools for managing false positives, and an impressive quiver full of them, in fact. For documents, DLP uses partial document matching technology that raises alerts only if a few paragraphs match, as opposed to just keywords. DLP systems also have advanced tools for numbers, multiple violations,
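One way to cut false positives on 16-digit numbers, shown as an added example that is not from this article or any particular DLP product: it assumes the filter validates each candidate with the Luhn checksum and alerts only above a minimum count of distinct matches. The function names and the sample messages are constructed for illustration.

```python
import re

# Candidate pattern: 16 digits, optionally grouped in fours by a space or hyphen.
CANDIDATE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return normalized 16-digit strings that also pass the Luhn check."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def should_alert(text: str, min_hits: int = 1) -> bool:
    """Alert only when at least min_hits distinct valid numbers appear."""
    return len(set(find_card_numbers(text))) >= min_hits


# Constructed sample messages; 4111 1111 1111 1111 is a widely used test number.
SAMPLES = [
    "Order ref 1234567890123456 shipped today",        # 16 digits, fails Luhn
    "Tracking id 2023-0001-0002-0003 attached",        # 16 digits, fails Luhn
    "Please charge card 4111 1111 1111 1111 for the renewal",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(should_alert(s), "|", s)
```

About one in ten random 16-digit strings still passes the Luhn check, so this reduces false positives rather than eliminating them; raising `min_hits` trades sensitivity for fewer alerts.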
Do you have a Data Protection Culture in your company?
It might seem a moot point and yet another thing to include in your IT policies, but it’s an important one, and best practices suggest that you promote the importance of protecting sensitive and critical data. Provide security awareness training to your employees on a regular, consistent basis.
When you allow employees to establish ownership of data, your workload shrinks: this single step gives you leverage across your IT implementation and management. Involve key team members across the organization, act on their feedback on policies, and take remediation action. It’s an ongoing process.
Develop a DLP project plan for best results
Using technology is straightforward. The tough part is setting the right workflow expectations, defining what data you need to protect, engaging business managers (especially those outside the IT security department, for instance) and going about DLP deployment in a phased, controlled manner. Include crystal clear and achievable benchmarks with step-by-step instructions to reach them. Find a way to integrate DLP solutions into your daily operations.
From the start, focus on DLP controls
Plenty of tools exist to help you with data control. You could start with policy: identifying the data to be protected, enforcing these controls, and measuring them for effectiveness and policy compliance. Or you could start with hard-drive encryption, network monitoring tools and solutions, network analysis of inbound and outbound files, and automated tools on network perimeters that look for keywords, sensitive data, Personally Identifiable Information, documents, etc. Alternatively, you could contact us for a customized solution for your company.
DLP Suites Work Best
In our years of experience working with clients on a wide range of IT issues, we have found that complete DLP suites typically work best. It does take considerable effort to deploy a full-scale DLP solution, but it’s worth it. Such an implementation needs thorough integration of well-defined data identification protocols, efficient workflow, policies, etc. If you are on a budget and cannot afford an all-out, full-blown DLP solution, you may consider specific DLP features. Although not as good as a complete DLP suite, these do work.
That’s a lot for a small or medium business to handle with respect to data loss prevention, and that’s where we come in. If you need help, we have some of the fairest and most efficient solutions that you can count on. Check out our suite of consulting services, solutions and products to make a better decision.
Have you implemented DLP across your organization? What lessons have you learnt?
[1] TechRepublic – GlassHouse Research documents