What is DLP?
Data Loss Prevention DLP is a strategy or software solution designed to safeguard your sensitive or critical data against leaks and loss. In order to implement the controls required you need identify the data to be protected, the way people use it and set up monitoring to ensure that your data is accessed by only those who need to in-line with your organisational policies and legal obligations. In this way you can help mitigate data loss from insider threats.
Choosing a Data Loss Prevention (DLP) Solution
In the last few years we have seen DLP move from an optional information security control to become an essential part of information security design. During this time Fordway has evaluated and implemented DLP solutions for a number of our customers, giving us an in-depth understanding of this complex area.
A typical brief is simply: “We need a DLP solution”. At this point we ask the customer what they need to protect and what policies are in place to support a DLP implementation. In our experience it is vital to understand the actual requirement – what information needs protecting, who owns the data, how and where will it be used and what data classification scheme will be applied – before looking at solutions.
The next step is to consider a design. DLP designers examine two broad requirements. One deals with data at rest, which is typically data stored on servers or a SAN. The other examines data in motion i.e. data which is being moved out of the network.
Data at rest includes data stored in databases and content management systems. A well designed solution will be able to discover and protect data regardless of where it is stored, including locations such as SharePoint, databases, file shares, SANs and NAS drives.
Protecting data in motion can be even more diverse. Here one has to consider all the means by which data can leave the company network, which could include company email, webmail, online storage such as Dropbox, USB drives, copying data to a laptop or mobile device and FTP uploads.
It is usually at this stage of the design requirements process that the customer understands what a challenging issue implementing DLP can be.
There are three types of DLP solution available.
One option is to implement a single vendor solution aimed at the large enterprise. These solutions are usually comprehensive but expensive.
The second option is to look at niche DLP vendors, some of whom offer high quality products with reasonable costs. This approach means using products from more than one vendor, but provided the user is happy to deal with multiple vendors it is possible to design and implement a high quality solution within a limited budget.
The final option is single-vendor solutions aimed more at the SME. We have recently seen this option becoming more suitable for larger organisations, for example where a traditional malware protection vendor has acquired DLP technology and so is able to offer a comprehensive DLP solution. Although this option is maturing, it cannot compete with enterprise DLP solutions in terms of features and scalability. However, for many organisations this may be all the DLP they will need and therefore provides a good value solution.
One option Fordway offer is Endpoint Data Protection and Compliance