DLP implementation: mispractice vs. wise adjustment
23.07.2018
Of all information security tools, DLP systems get the most attention. They are expected to be a solution to all threats. However, poor implementation practice damages the reputation of such systems, so some may conclude that DLP is useless.
Mispractice
Some organizations implement DLP without the preliminary analysis such a project requires. The main goal of that analysis is to understand the specifics of their business. Without it, they end up with paralyzed information flows, software lock-ups and overloaded information security officers.
This happens because of a lack of understanding of how DLP affects day-to-day work. The staff in charge of implementation do not realize how many ‘violations’ poorly tuned policies can flag. Many of these notifications turn out to be false, yet time, energy and nerves, as well as company resources, are wasted chasing ghosts.
The reason is that companies do not solve a number of tasks before the implementation:
- They don’t set clear goals for DLP: controlling unauthorized access, preventing unintentional mailing of confidential data, complying with regulators' requirements, or tightening the information security policy in general. Perhaps it is enough simply to monitor staff web activity or find out what is stored on workstations.
- They don’t check whether the equipment capacity is sufficient.
- They don’t test DLP in pilot mode.
- They configure blocking as the main method of preventing operations with sensitive data, while notifying the security officer is the better option, at least at the beginning. First, it allows you to understand the company’s information flows; second, blocking may disrupt employees' work.
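To illustrate the pilot and notify-first points above, here is an added example (not part of the original article and not code from any DLP product): a small script that replays reviewed pilot notifications and shows which rules are too noisy to ever block on. The rule names, the sample events and the promotion thresholds are assumptions constructed for the illustration.

```python
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")  # 16 digits, optional separators

def luhn_ok(number):
    """Luhn checksum over the digits of a candidate card number."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    total = sum(d if i % 2 == 0 else (2 * d - 9 if d > 4 else 2 * d)
                for i, d in enumerate(digits))
    return total % 10 == 0

# Hypothetical pilot policy: every rule only notifies, nothing is blocked yet.
RULES = {
    "keyword_confidential": lambda t: "confidential" in t.lower(),
    "card_regex_only": lambda t: bool(CARD_RE.search(t)),
    "card_regex_luhn": lambda t: any(luhn_ok(m) for m in CARD_RE.findall(t)),
}

# Constructed pilot events: (channel, text, officer confirmed a real incident)
EVENTS = [
    ("email", "Customer card 4111 1111 1111 1111, please charge it", True),
    ("email", "Refund to 5555-5555-5555-4444 as discussed", True),
    ("email", "Parcel tracking 1234567890123456 ships Monday", False),
    ("usb", "Q3 forecast - CONFIDENTIAL - do not distribute", True),
    ("web", "Blog draft: why confidential computing matters", False),
    ("email", "Keep the party plans confidential :)", False),
    ("web", "Lunch menu for Friday", False),
]

def pilot_report(rules, events):
    """Count notifications per rule and how many the officer confirmed."""
    report = {}
    for name, matches in rules.items():
        verdicts = [real for _ch, text, real in events if matches(text)]
        hits, confirmed = len(verdicts), sum(verdicts)
        report[name] = {"hits": hits, "confirmed": confirmed,
                        "precision": confirmed / hits if hits else None}
    return report

def recommend_modes(report, min_hits=2, min_precision=0.9):
    """Noisy or rarely triggered rules stay in notify mode."""
    return {name: "block-candidate"
            if s["hits"] >= min_hits and s["precision"] >= min_precision
            else "notify"
            for name, s in report.items()}

if __name__ == "__main__":
    report = pilot_report(RULES, EVENTS)
    for name, mode in recommend_modes(report).items():
        print(f"{name:22} {report[name]} -> {mode}")
```

On this constructed data the keyword rule and the bare card regex are mostly false notifications and stay in notify mode; only the Luhn-checked rule is precise enough to be considered for blocking later.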
Some companies hire many analysts to solve the problems that arise after an inappropriate implementation. Their task is to do everything but find real security incidents among the information noise of notifications, and to catch the insiders.
Others set up security policies so that the DLP system interferes with the business as little as possible. DLP is installed nominally and barely functions. This reduces the benefits organizations could get from the technology.
The rest simply do not close the security loop, leaving some channels unprotected (USB ports, email, etc.).
The practices described above, coupled with the cost of the system, lead to DLP being seen as an expensive toy that is difficult or ineffective. Yet DLP is especially good at identifying insecure data management policies (and subsequently tuning them), preventing accidental leaks and protecting against common methods of theft.
Reasons to implement otherwise
The information security of any company is a complex process that requires a thoughtful approach. A ‘plug and forget’ approach is completely unsuitable for systems that require specific adjustment. Companies therefore ought to carry out an analysis covering the tasks mentioned above. Once they understand how information moves around the organization, they can adjust the security policy wisely.
The final decision to purchase DLP is commonly made for one of several reasons.
The first is a serious information security incident. Once the consequences of a leak have been felt, arguments against DLP lose their weight. For the most part, companies are now divided into those that have not yet had leaks and those that are already taking protective measures.
The second is the growth and sophistication of information technology. The use of cloud applications, mobile systems and remote connections has spread widely. Data is now much less concentrated in one place than it was just a few years ago, so organizations have to protect it somehow.
Finally, the decisive point is the introduction of regulatory requirements, which include provisions for the protection of confidential data and impose significant penalties for non-compliance.
It is worth noting here the regulation on the protection of confidential data of European Union citizens (GDPR), which recently entered into force. Its main purpose is to prevent such information from reaching unauthorized persons, especially outside the ‘countries of the GDPR’. The regulation imposes a fine of up to four percent of annual revenue for non-compliance.
In addition, modern DLP technologies are developing very rapidly. The ability to control data flows through numerous channels, such as cloud services, has increased. The range of covered formats has expanded as well; for example, images and voice messages can now be analyzed. To simplify and streamline work with security incidents, SecureTower has designed the Investigation Center module. It makes it possible to investigate security incidents and build cases in SecureTower itself, record the progress of an investigation, identify the individuals involved and receive automatically compiled reports once the investigation is completed.
The combination of these facts and the significant development of DLP indicates that such a solution is effective. The belief that it is unproductive points rather to incorrect implementation of the system.