THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
Data Loss Prevention (DLP) may be one of the most misunderstood areas of IT Security. Deploying a DLP solution can help to protect a company from unintended data leakage. The use of a DLP solution should be used in conjunction with other processes in order to develop a robust security plan for the business. Having a solution in place may help in determining where important or sensitive data within your organization may need to be better secured. Developing a Plan One of the most important aspects of determining if a DLP solution is right for your organization is developing an overall plan about how it will be used and what type of data will be protected or monitored. This is important to have in place prior to actually going with a solution. The plan will outline the requirements you are looking for as well as any specific requirements that might be required by stakeholders. In the initial phase, it is also going to be important to conduct a risk assessment for the types of data that may be managed by the company. Determining what sort of information is considered sensitive or restricted may help in determining the type of solution, and what sort of settings and configurations may be needed. This is also critical to develop if the organization has never implemented a solution previously or may be asked to do so by a customer or client for regulatory purposes. Choosing a Solution The hardest aspect of implementing a DLP solution is actually choosing the solution that is right for your business. The biggest issues that companies will face will be whether all of the specific environments within the organization are going to be protected. As businesses continue to adopt cloud computing and develop applications or services, making sure these are protected by the DLP solution will be important to address. Some of these areas may include:
Data Movement An additional area that will need to be determined by the company is how it will address the movement of sensitive data throughout the organization. The following states are the most common that will need to be addressed:
Solution Implementation
Once the solution has been decided on and purchased, it is now time to implement it within the network infrastructure. There are usually two states that the monitoring of network traffic will have for the DLP solution. The first being a passive mode, and the second being an active mode. Each of these have their benefits and will be used in the deployment and monitoring process after the initial setup and configuration has been completed. Passive Mode When deploying a DLP solution, it is going to be important to understand the amount of data that will be alerted to is going over the network. For many businesses, this is a HUGE unknown. In the initial setup phase, it will be critical to monitor the types of alerts that will be triggered and the types of data that the DLP will be protecting for the company. With the passive mode enabled, the technical team will be just monitoring the types of alerts that they will be getting. During this time no action will be taken (meaning that the emails or the information will still get through as it normally would), but now the technical staff will have information as to who and when it happened, along with what was leaked. This is meant to enable management and the technical staff to follow-up with the employee to address the issue. Active Mode Once the initial monitoring has happened and it has been determined that the DLP solution can be transitioned to the active mode. This transition in most instances happens with little to no notice by employees of the company. Additionally, determining at what level the active monitoring will be allows the technical staff to dial in to the specific requirements they are looking for. DLP solutions are meant to prevent leakage of sensitive or restricted data, but the business still needs to function as well. So developing roles within the solution will be important, as the various members of the organization will have different requirements based on those job functions. Setting those roles and exceptions to the rules will be one of the key areas that should be addressed in the setup phase of the DLP deployment. Areas of Concern When deploying a DLP solution it is important to remember that all of the data going over the network or through the email server will be subject to inspection. This may slow down that traffic as each and every email is monitored based on the requirements that have been set for the solution. In addition, email attachments and images may also be inspected for potential data leakage as well. Depending on the size of your organization, there may be some network or traffic degradation and emails may take longer in getting trough (especially if you are inspecting both incoming and outgoing responses) which may cause issues with customers or clients. Knowing that there is a potential impact to the business, it may be important to dial up the monitoring or restrictions over time instead of all at once. Summary While an integrated DLP solution will make a lot of sense too many businesses, it is important to remember that the setup and configuration of the solution will take time to develop. Deploying a solution overnight and putting restrictions on data content and traffic may effect the organization in ways that may be unintended. The DLP monitoring creates documentation that management or the IT Security staff may follow up with to address the leakage of sensitive data out of the company. While a standalone application or appliance may suite some businesses, there are some business applications that also have DLP settings that can be enabled that will address some of these issues as well. It comes down to finding the right solution that will fit the needs and the requirements of the business. And ultimately in the long run to protect the sensitive information that the company is expected to protect.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|