Proper deployment of DLP mitigates risk

By Robert Westervelt, News Director, SearchSecurity.com | Mar 7, 2011

Effective deployments of data loss prevention (DLP) technology must be rolled out slowly and in stages to prevent disruption to end users and reduce the number of alerts that could overburden IT departments.

Experts sharing data loss prevention best practices at RSA Conference 2011 said DLP technologies hold promise in preventing employee mistakes that could lead to costly data breaches or compliance violations. But firms that have started rolling out DLP warn that projects should begin small to avoid potential chaos.

Many organizations are implementing DLP over a limited subset of the network to show immediate value to management, said Rich Mogull, a former Gartner analyst and CEO of Phoenix-based Securosis, a security research consultancy. Organizations choose between focusing DLP on scanning the network, scanning storage or scanning the endpoint. Few organizations are using DLP's automated enforcement capabilities; most instead focus on monitoring for data security policy violations, Mogull said.

"Simpler use cases are what I've seen most people doing," he said. "Most people are not doing DLP in multiple channels."

Before organizations roll out a full-blown DLP deployment, Mogull advises firms to start by selecting a single policy and monitoring only email.

"You take it one step at a time," Mogull said. "When you get good results, then you add another policy and roll it out further."

After deploying DLP technology from Websense Inc., Larry Whiteside Jr., CISO of the Visiting Nurses Service of New York, said his team began monitoring the company's email gateway to avoid disrupting employees. In an interview with SearchSecurity.com, Whiteside said the intent was to monitor the violations in documents that employees can edit, save and move to certain locations.

Whiteside said the company hit its first roadblock immediately after turning on the technology. At first it was tuned to monitor too many policies, creating inefficient alerts that burdened system administrators, Whiteside said.

"We became overwhelmed with information," he said. "We scaled it back so we could get to a point of manageable information and then we started identifying things to tune it even more."

Whiteside said his message to companies is that DLP technology is not inexpensive, but also does not have to be "that big scary monster" that disrupts the entire company. The popularity of the technology has soared in the last several years, with early adopters trying to gain control over the leakage of sensitive data -- often the result of employee mistakes or employees blatantly ignoring security policies.

This article originally appeared on SearchSecurity.com
