Tuesday, February 24, 2015

Best Practices for Data Loss Prevention


https://siliconintelligence.wordpress.com/2015/02/13/best-practices-for-data-loss-prevention/
Data loss prevention is a policy based capability to prevent data leak. This is a highly effective solution for the whole enterprise but encompassing every possible implementation is a multi-year multi-million dollar multi-team effort.
The best way to approach an implementation is to have an enterprise level view of how data moves or to be more specific how sensitive data moves around and in/out of the enterprise. This comes from a well-executed analysis and a business case.
Data loss prevention works primarily on a proactive approach to deal with zillions of gigabytes of data which gets lost or stolen or misplaced while at rest or transit. Many vendors have different offerings and it’s not easy to choose the one that fits your enterprise. The reason being the various types of data living in an enterprise is numerous as well as one size doesn’t fit all.
Points to consider when choosing a DLP solution are,
  • Choose a vendor with strong multi industry experience as their best practices and support will be very handy.
  • Choose a product which is easy for implementation and LATER operational team can run it efficiently. Reason being some products lack clarity, slack management console and drab dashboards. Few DLP solutions have nasty interfaces and they will slow down your productivity.
  • Should have good content inspection and high throughput because you don’t want a choke-point in every data path.
  • Stand alone or centralized configuration as both has pros and cons.
  • If your CSO is keen to have an overall view, then choose a product which can integrate with Anti-malware, web/mail services, Identity management and SIEM. This combination is a crucial solution to discover serious strengths and weaknesses in your network.
  • Ability to have advanced logging and auditing capability and in depth report generation which is very handy for managers.
  • Software/virtual solution or a dedicated appliance as performance and cost varies.
  • Last but not the least, money as this shouldn’t hold you up in achieving your scope for the enterprise. No one wants solutions re-scoped because it’s costing more than the initial estimate. I have come across major enterprise projects which have been restricted to one customer site or few applications or some user groups because funding was tight.
The success of a DLP solution relies on how well your documentation is and training of your support teams. As I always believe start small i.e just start monitoring, later add one or two features to your solution, then again train support teams, add more features, log more, train support teams and loop.

No comments: