Although the need for data loss prevention has gained visibility among security and compliance communities in recent years, many organizations are still reluctant to adopt DLP programs. Often, this hesitation is based on a misunderstanding of the technology. The following are five of the top myths that detract from effective DLP strategy development.
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
5 Myths Killing Your DLP Strategy
1. 5 Myths that are Killing your Data Loss
Prevention Strategy
2. Background:
Although the need for data loss prevention has gained visibility among
security and compliance communities in recent years, many organizations
are still reluctant to adopt DLP programs. Often, this hesitation is based on
a misunderstanding of the technology. The following are five of the top
myths that detract from effective DLP strategy development.
2
3. Myth #1: DLP is not for the faint of heart
A common misperception about DLP is that it requires an
enterprise-wide effort to begin.
While many organizations will migrate to comprehensive
coverage over time, the most successful deployments
start small and focused.
Include business process owners in the discussion to
ensure their understanding and buy-in.
You can add another data category once
the pilot DLP program is running smoothly.
3
4. Myth #2: My network will choke
Inspecting each data packet as it travels on the network isn’t
necessary.
Instead, data should be classified as it is created or modified on the
endpoint.
Once classified, add a persistent classification tag is to data.
Intelligent endpoint agents can read these tags and enforce usage
rules based on data classification, user type, the requested action,
and other contextual aspects of data activity.
This results in better visibility and control, without network
latency.
4
5. Myth #3: DLP won’t work outside my network
Data loss prevention is simple to understand when applied to
devices inside your network, but many believe it’s not effective
outside the network or in virtual environments.
In fact, data-centric DLP works everywhere, because the
protection is applied directly to data, not the device, network, or
user account.
Applying DLP practices at the data level can automatically
prevent sensitive data from leaving your network.
It can also force any data that does leave to be
encrypted (and decrypted only by devices you
manage) or restrict transfers to approved
devices only.
5
6. Myth #4: Complicated content analysis is
required
As discussed, content analysis examines file contents for specific
patterns, such as social security and credit card numbers.
While this can be useful for PCI and HIPAA compliance, it isn’t a
requirement for effective DLP.
Contextual awareness allows for a simpler means of classifying
data automatically, simplifying classification and accelerating
DLP adoption while preserving the privacy of employee
communications.
Rather than examining data content, this method associates a
classification with pre-defined contextual characteristics.
6
7. Myth #5: DLP will interfere with legitimate use of data and
affect productivity
Modern DLP, applied at the data level, does not affect
legitimate users following corporate policies.
Endpoint agents can classify data automatically and
enforce policies transparently.
This data loss prevention approach will, if desired, block
unauthorized use, but it can also be used in non-obtrusive
ways, such as warning or prompting users about risky behavior.
This capability reinforces an organization’s security policies,
and provides timely guidance that allows users to self-correct
habits that put data at risk of loss.
7
8. Additional DLP Resources
8
Is your DLP program up to snuff? Use our Data Protection Vendor
Evaluation Toolkit to find out:
Get the Data Protection Vendor Evaluation Toolkit
For more on data loss prevention and the fundamentals of data
security, check out our Data Protection 101 Series:
Data Protection 101