News

11:35 AM
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

The Dark Side Of Data Loss Prevention

Plugging data leaks requires more from IT than just software deployment.

3. Integration

In some cases, your DLP products will need to integrate with other security systems. In particular, many network-based DLP products must work with third-party ICAP proxies to prevent sensitive information from leaking out via communication channels such as HTTP/S, FTP, and IM.

Another likely integration area involves encrypted e-mail. For instance, if your company handles the personally identifiable information of a Massachusetts resident, as of March 1, 2010, you're subject to the new Massachusetts Data Privacy Law (CMR-201). Among the requirements of this new legislation is the rule to encrypt any personally identifiable information that must traverse the public Internet during the course of business. With a fine of $5,000 per customer record exposed or lost, this privacy law puts a significant price tag on even a small number of exposed records.

If your business practices require you to e-mail personally identifiable information within your organization, as well as to third parties or business partners, you might need to have your DLP appliance to forward e-mail to an encryption appliance. Unfortunately, not only have you just introduced another two hops into your e-mail routing process, but you've also introduced products from two separate vendors that you must now configure, manage, and troubleshoot. The same issues often apply on the end point, where organizations may run DLP as well as software that can encrypt files, folders, or the entire hard drive.

4. Administration

As mentioned earlier, network-based DLP technology can log and deny data transfers or communications that violate policy. However, as with intrusion-detection systems, not all actions can be automated, and network-based DLP will generate events that must be investigated and adjudicated by humans. The more aggressively you set your protection parameters, the more time administrators will spend reviewing events to decide which communications can proceed and which should be blocked.

In addition to administrators, your help desk staff may also see an uptick in calls because your employees are used to doing whatever they want with company data--attaching Excel files to Web mail accounts to download to a home laptop, saving loads of customer records to a USB drive, and so on.

DIG DEEPER
Defense In Depth And The Rise Of DLP Report
Security professionals are shifting from network protection to safeguarding information. Our exclusive report investigates the dynamics driving DLP and maps out a battle plan with tools, technologies, and best practices

If you're deploying DLP technology that prevents such behavior, be prepared to field complaints.

Plan Ahead

The range of features and reporting that you get from a robust DLP suite is impressive, and can be a critical part of a risk management strategy. But don't expect your DLP products to run themselves. Be sure your IT and security operations teams understand what they're getting into with a DLP rollout, and that sufficient resources, both human and financial, can be committed to ongoing maintenance. DLP must be managed consistently to minimize the burden on employees while ensuring solid security. Finding that balance requires work, but the benefits outweigh the drawbacks.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 State of Unified Communications
2014 State of Unified Communications
If you thought consumerization killed UC, think again: 70% of our 488 respondents have or plan to put systems in place. Of those, 34% will roll UC out to 76% or more of their user base. And there’s some good news for UCaaS providers.
Video
Slideshows
Twitter Feed