CHOOSING A DATA LOSS PREVENTION (DLP) SOLUTION
In the last few years we have seen DLP move from an optional information security control to become an essential part of information security design. During this time Fordway has evaluated and implemented DLP solutions for a number of our customers, giving us an in-depth understanding of this complex area.
A typical brief is simply: “We need a DLP solution”. At this point we ask the customer what they need to protect and what policies are in place to support a DLP implementation. In our experience it is vital to understand the actual requirement - what information needs protecting, who owns the data, how and where will it be used and what data classification scheme will be applied - before looking at DLP solutions.
The next step is to consider a design. DLP designers examine two broad requirements. One deals with data at rest, which is typically data stored on servers or a SAN. The other examines data in motion i.e. data which is being moved out of the network.
Data at rest includes data stored in databases and content management systems. A well designed DLP solution will be able to discover and protect data regardless of where it is stored, including locations such as SharePoint, databases, file shares, SANs and NAS drives.
Protecting data in motion can be even more diverse. Here one has to consider all the means by which data can leave the company network, which could include company email, webmail, online storage such as Dropbox, USB drives, copying data to a laptop or mobile device and FTP uploads.
It is usually at this stage of the design requirements process that the customer understands what a challenging issue implementing DLP can be.
There are three types of DLP solution available. One option is to implement a single vendor solution aimed at the large enterprise. These solutions are usually comprehensive but expensive.
The second option is to look at niche DLP vendors, some of whom offer high quality products with reasonable costs. This approach means using products from more than one vendor, but provided the user is happy to deal with multiple vendors it is possible to design and implement a high quality solution within a limited budget.
The final option is single-vendor solutions aimed more at the SME. We have recently seen this option becoming more suitable for larger organisations, for example where a traditional malware protection vendor has acquired DLP technology and so is able to offer a comprehensive DLP solution. Although this option is maturing, it cannot compete with enterprise DLP solutions in terms of features and scalability. However, for many organisations this may be all the DLP they will need and therefore provides a good value solution.