Data Loss Prevention and Data Classification

Why does this topic matter?

• This topic matters because know about data loss prevention (DLP) tools and how to classify data is a big deal in the realm of cyber security. DLP tools and processes are implemented to make sure critical data is not lost, misused, or accessed by unauthorized users. This topic goes hand in hand with confidentiality as part of the CIA triad.

How would you convince your organization about the importance of implementing a DLP solution?

• I would convince my organization about the importance of implementing a DLP solution by stating how it would greatly help with compliance. Our organization works with a data, both personally identifiable information and protected health information, and the need to be compliant is high. DLP would allow us more visibility in terms of identifying violations to compliance requirements. If our organization flags these issues early on, then we can fix the violation, and provide reporting to meet compliance and auditing requirements.

How would you explain the three main use cases for DLP to friends or family?

• I would say that DLP is a swiss army knife. It protects data at rest, informs us that we are not following the rules (not compliant), and marks things for us se we can know how important it is.

Things would I like to know more about?

• Since global data protection regulations are constantly changing, how does DLP know that its in compliance? Does it get an update? or does it have to be uploaded manually?