Developing and Assessing your DLP Strategy (Part 5)

Number: IRCAR201510281

Date: 2015-11-21

DLP tools

DLP solutions can consist of a number of different tools such as data discovery tools, network tools, monitoring tools, reporting tools, etc.

Data discovery is a very important element of data loss and leakage prevention because you can’t protect the sensitive information if you don’t know which information is sensitive and where it is located – and that means all copies, not just the primary copy. One thing that a good data discovery tool can do is find unencrypted data and then carry out your policies by automatically encrypting the data, removing it, notifying the data owner and/or stakeholders, or other action that you specify. In addition to detecting unencrypted individual files, it can find those shares/folders that are not encrypted and move the data to a location that has better access controls or encrypt the data in its current location.

Remember that data discovery is not just a one-time process. You can set your DLP tools to continuously scan for sensitive data, you can do it at pre-determined intervals such as daily, weekly or monthly, or you can perform data scanning on demand, for example in preparation for or as part of a security audit or in response to a known or suspected change in the data status.

Whereas discovery tools are focused more on data within the organization’s network, network tools can be used to identify sensitive data that is about to leave the network and ensure that it is encrypted while in transit. Remember that different encryption technologies are used to encrypt data at rest vs. data in transit; in the latter case you want to encrypt not just the data itself but the channel over which it is transmitted.

Monitoring tools can log who accesses (or attempts to access) data that has been classified as sensitive, and can record any changes that are made to the data itself, to its metadata, permissions, and so forth. Monitoring tools can detect when sensitive data is copied, moved or deleted, as well.

Reporting tools are capable of taking the information that is collected by the monitoring tools and putting it into usable and easily understandable format for the use of administrators, auditors, and managers. Reporting features can generate incident reports when DLP policy violations are detected and allow you to set alerts to automatically email or otherwise notify admins of the situation so that you can remedy it as quickly as possible.

DLP best practices in a “mobile first, cloud first” era

Mobility and the cloud bring heretofore unheard-of convenience for users but they complicate the lives of those charged with maintaining security. Data loss and leakage prevention in a mobile + cloud world has many inherent challenges, not the least of which is the shift of focus from protecting just the network to protecting the endpoints.

The biggest challenge is how to protect the data without unduly restricting what users can do. In the past, IT often took a “scorched earth” approach to security, locking down everything and allowing users as little leeway as possible on the premise that it’s better to be safe than sorry. In today’s BYOD, telecommuting, team-oriented business environment, that’s no longer desirable or even possible.

Today’s DLP solutions must now be able to protect data according to corporate policies even when that data is on devices that are outside of the corporate network. This means managed devices. Endpoint DLP relies not on just one technology but a combination: host-based firewalls, anti-malware software, encryption, rights management, content-aware USB/removable media controls, and so forth.


Here in Part 3 of our series of articles on how to go about developing an effective data loss and leakage prevention strategy, we took a look at the third element that impacts planning for DLP: practices. In the fourth and final installment in this series, we will focus on the last and in many ways the most important element: people.



The Wall

No comments
You need to sign in to comment

news specifications

Added 2 Azar 1394


Your rate:
Total: (0 rates)