https://www.securityforum.org/research/data-leakage-prevention-briefing-paper/ This presentation, drawn the the ISF's latest Data Leakage Prevention briefing paper, provides a 3-phased approach to implementing an effective data leakage prevention programme, that goes beyond installing DLP tools and technology. By implementing a DLP programme, organisations can significantly reduce the risk of data leakage to protect their reputation, avoid litigation, meet regulatory obligations and protect IP’s.

1. ©2018 Information Security Forum Limited
Footer 1
Data Leakage Prevention (DLP)
Information Security Forum: Briefing Paper
By Dr Emma Bickerstaffe
Senior Research Analyst, ISF

2. ©2018 Information Security Forum Limited
Footer 2
Data Leakage Prevention (DLP)
“the practice of detecting and preventing unauthorised disclosure of data”
Why do organisations need a DLP programme?
• Organisations handle a plethora of sensitive data (e.g. trade secrets, customer data,
pricing lists, acquisition plans).
• This data can be leaked to unscrupulous competitors, organised criminal groups and
other entities via a multitude of channels, including email, the internet, portable
storage devices and cloud services.
• Data leaks can be expensive, harm an organisation’s brand and reputation, and
diminish trust.
• A comprehensive, structured and systematic DLP programme can significantly reduce
the risk of data leaking.

3. ©2018 Information Security Forum Limited
Footer 3
• When DLP technology first came to market, interest
quickly waned due to the complexity of deployment,
cost of investment and inability to demonstrate
business value
• Cloud adoption, mobile computing, remote working
and new regulatory requirements (e.g. GDPR) have
triggered a renewed interested in DLP
• DLP technology has matured to become a
mainstream security control
• 42% of surveyed ISF Members have implemented
DLP and a further 45% are either running a DLP pilot
or planning for deployment (as of July 2018).
Resurgence of DLP

4. ©2018 Information Security Forum Limited
Footer 4
• Detect what data is leaking out of your organisation
• Prevent incidents of data leakage
• Support compliance with legal, regulatory and
contractual requirements
• Gain visibility of data usage and movement
• Improve security awareness of users
• Enhance brand image and competitive advantage
Benefits of DLP
Survey results of ISF members who have
implemented a DLP programme

5. ©2018 Information Security Forum Limited
Footer 5
• ISF Members reported that DLP can be a success when approached
as part of a dedicated programme as opposed to a set of tools
• DLP is inherently linked to business operations. A DLP programme
should be designed to address a business problem; not just a
technology issue
• Success of a DLP programme requires significant effort and
resources, as well as effective business engagement
• To treat DLP as a ‘fix and forget’ solution that can be achieved
through technology alone will result in failure
• Implementation of a DLP programme is a multi-phase undertaking
DLP as a programme – not a tool

6. ©2018 Information Security Forum Limited
Footer 6
Core activities of DLP

7. ©2018 Information Security Forum Limited
Footer 7
Core activities of DLP “Data only protects what you
tell it! Plan and understand the
environment, have data
classification and know what it
is you are trying to protect” –
ISF Member

8. ©2018 Information Security Forum Limited
Footer 8
Attributes of a successful DLP Programme
“You may (likely will) find that your programme
will succeed or fail based on the buy-in that you
get from your business partners”
– ISF Member

9. ©2018 Information Security Forum Limited
Footer 9
There are gaps in the coverage and capabilities of DLP tools
due to the following factors:
• dispersal of data across different environments, causing some data to remain beyond
the reach of DLP tools
• coverage of DLP tools is limited to digital data
• detection of data needs business input. Half of surveyed ISF Members found it
challenging to identify what data to protect using DLP tools
• DLP controls can be circumvented. Efforts are focused on a select few channels of data
leakage, allowing malicious insiders to evade DLP controls and exfiltrate data.
• An overload of DLP policy violations can compromise effectiveness.
• Organisations are reluctant to ‘block’ for fear of disrupting business activities.
Challenges and Limitations “DLP isn’t something you
switch on and everything is
protected” - ISF Member

10. ©2018 Information Security Forum Limited
Footer 10
• Deploy DLP incrementally – any attempt to simultaneously protect all data from the
outset is destined to fail
• Executive-level support is a prerequisite to a successful DLP programme
• For global organisations, consideration should be given to how a DLP policy applies
across multiple jurisdictions
• Leverage DLP implementation to improve security awareness, fix insecure business
processes and provide training on the proper handling of data
• Ensure you have adequate resources to deploy DLP effectively. Implementation and
maintenance can incur ongoing costs that you may not expect.
• Both technology and the business evolve at a very fast rate, therefore the DLP
programme will need to be frequently reviewed, tuned and refined so that it stays up to
date.
• Don’t let DLP be an after thought, protect what is yours before it’s too late!
Key Takeaways

11. ©2018 Information Security Forum Limited
Footer 11
Thank you
To download the full briefing paper visit:
www.securityforum.org/research/data-leakage-prevention-briefing-paper/
For more on the ISF:
Web: www.securityforum.org
ISF Twitter: @securityforum
ISF LinkedIn: linkedin.com/groups/760947
ISF Podcasts available on:
www.securityforum.org/podcasts-videos/
or download on iTunes: www.itunes.apple.com/gb/podcast/isf-podcasts/id1180646163?mt=2