&
Its Error Preventions
Data Loss Prevention (DLP) is a strategy to ensure that end
users do not send sensitive or critical information outside of the corporate
network. The term is also used to describe software products that help a
network administrator control what data end users can transfer.
The adoption of DLP, also called data leak prevention, information loss
prevention or extrusion prevention, is being driven by insider threats and by
more stringent state privacy laws, many of which have strict data protection
or access components.
Data Loss Prevention software products use business rules to
examine the contents of files and label sensitive and critical information so
that users cannot divulge it. The software can be useful for identifying
and tagging well-defined content (such as Social Security or credit card
numbers), but it tends to fall short when an administrator is trying to
identify other sensitive data, such as intellectual property. To
successfully implement corporate DLP software, you need to actively involve
staff at all levels of management in creating the business rules for labels.
Once DLP software tools have been implemented, an end user who accidentally or
maliciously tries to reveal confidential information that has been tagged will
be denied. In addition to being able to monitor and control
endpoint activities, DLP tools can also be used to filter data streams on
the corporate network and protect data at rest.
Here are some key points to keep in mind when implementing
and using data loss prevention (DLP) tools.
Data Loss Prevention (DLP) tools are very effective in reducing the
risk of sensitive data ending up where it shouldn't, but like any tool, if not
used properly, the results will not be positive. By avoiding some common
pitfalls, an organization can save time and money while better protecting
itself.
· Set the right expectations: One of the most common mistakes in DLP implementations is not understanding what the technology is capable of, and how to properly integrate it into business processes. DLP is not magic, and different tools have different capabilities, especially in relation to content analysis. None of them can fully protect all data from every conceivable threat. DLP is about risk reduction, not threat elimination. It is important to know what kinds of policies can be defined, and what enforcement options are available, before starting an implementation. Then you have to have the proper workflow to handle the policy violations. While human resources and legal teams are rarely involved in a virus infection, they can be intimately involved when an employee tries to send a customer list to a competitor. Establish a good baseline from the beginning: know what data needs protection, the capabilities of the tools installed to protect it, and the workflow for handling incidents.
· Start with small, well-defined policies: DLP tools aren't necessarily prone to a lot of false positives, but build a bad policy and an organization will be inundated with bad results, or miss major losses. Start with a simple, narrow-scope, single-policy installation in monitoring mode. Take the time to adjust the policy until the expected results materialize, and then expand the implementation by adding policies and compliance actions.
· Use the right analysis technique for the right content: I once spoke to an organization that complained about all of their DLP false positives, but it turned out that they had used a less effective content analysis technique than their DLP tool offered. By switching to a new technique (database fingerprinting, a "fingerprint" mapping methodology, and unique characteristics), the organization reduced false positives to an acceptable level.
Most of the time, false positives are real positives, but they denote content that does not pose any risk in that business context (for example, an employee using their personal credit card number on a website, as opposed to abuse of a customer's credit card number). Using the correct content analysis technique or adding context to a policy can reduce false positives.
· Clean logged data before uploading it to a policy: Some policies protect logged data, such as a database or document repository. However, scanning bad content will not provide effective results. For databases, be sure to undergo some data cleaning to remove bad content (often test data) that can create false positives. For example, one of my clients had '0' listed as a social security number in their database, causing every 0 in an email to trigger an alert. For unstructured documents, exclude common corporate letterheads or footers. It doesn't take long, and it will improve the results substantially.
· Start with good directory integration (and clean directories): DLP policies are closely tied to users, groups, and lists. It is important to ensure that the DLP tool integrates properly with the organization's directory structure, and uses the functionality that exists in most data loss prevention software to bind users to their Dynamic Host Configuration Protocol (DHCP) addresses. Some organizations are sloppy with their directories, which can make it difficult to locate an offending user (or apply policies to the right people). Check the directories for bad data before integration, and then test to make sure the integration works properly (I would hate to fire an employee because the IP addresses were transposed).
· Work closely with business units, don't just initiate enforcement: Lastly, there is no guarantee that the effects of a DLP policy on business units will be fully understood. Work with the management of that unit, and then implement the policies, first in monitoring mode, and then in notification mode (that is, an employee is told when he or she has violated a policy, even if the action is not blocked). Collect feedback to fine-tune policy to balance business needs and risk management.
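The points above on choosing the analysis technique and on cleaning database content before loading it into a policy can be seen side by side in a short added example (not code from any DLP product). The rows, key, cleaning rule and function names are constructed assumptions for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample rows standing in for a customer table. "0" and
# "000000000" are leftover test data like the '0' SSN described above.
ROWS = ["900-55-0101", "912-34-5678", "0", "000000000"]
KEY = b"constructed-demo-key"  # assumption: per-deployment secret for the index

SSN_PATTERN = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")  # pattern-only technique
TOKEN = re.compile(r"\d[\d-]*\d|\d")                  # digit runs, hyphens allowed


def normalize(value):
    """Drop separators so 900-55-0101 and 900550101 fingerprint alike."""
    return re.sub(r"\D", "", value)


def is_clean(value):
    """Data-cleaning rule (assumed): nine digits and not one repeated digit."""
    digits = normalize(value)
    return len(digits) == 9 and len(set(digits)) > 1


def fingerprint(value):
    """Keyed hash, so the index never stores the raw database values."""
    return hmac.new(KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_index(rows, clean=True):
    """Fingerprint every row, optionally dropping rows that fail cleaning."""
    return {fingerprint(r) for r in rows if not clean or is_clean(r)}


def pattern_scan(text):
    """Flag anything shaped like an SSN, whether or not it is in the database."""
    return SSN_PATTERN.findall(text)


def fingerprint_scan(text, index):
    """Flag only tokens whose fingerprint matches a database row."""
    return [t for t in TOKEN.findall(text) if fingerprint(t) in index]


if __name__ == "__main__":
    benign = "Invoice 123456789: meeting at 10:30, 0 open issues."
    leak = "Please update the record for SSN 900-55-0101 today."
    print(pattern_scan(benign))
    print(fingerprint_scan(benign, build_index(ROWS, clean=False)))
    print(fingerprint_scan(benign, build_index(ROWS)))
    print(fingerprint_scan(leak, build_index(ROWS)))
```

The pattern-only scan flags the invoice number, the uncleaned fingerprint index flags the lone `0`, and the cleaned index flags only the value that is actually in the table.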
DLP tools are a powerful way to protect
sensitive content. Although they are effective and efficient, failing to avoid the
pitfalls listed above can alienate the business and lead to poor DLP results.