Data Loss Prevention - Salem73616C656D/reading-notes GitHub Wiki
Key Takeaways
Reasons to Use DLP:
Personal Information Protection / Compliance:
- Does your organization collect and store Personally Identifiable Information (PII), Protected Health Information (PHI), or payment card information (PCI)? If so, you are more than likely subject to compliance regulations, such as HIPAA (for PHI) and GDPR (for personal data of EU residents), that require you to protect your customers’ sensitive data. DLP can identify, classify, and tag sensitive data and monitor activities and events surrounding that data. In addition, reporting capabilities provide the details needed for compliance audits.
IP Protection:
- Does your organization have important intellectual property and trade or state secrets that could put your organization’s financial health and brand image at risk if lost or stolen? DLP solutions like Digital Guardian that use context-based classification can classify intellectual property in both structured and unstructured forms. With policies and controls in place, you can protect against unwanted exfiltration of this data.
Data Visibility:
- Is your organization seeking to gain additional visibility into data movement? A comprehensive enterprise DLP solution can help you see and track your data on endpoints, networks, and the cloud. This will provide you with visibility into how individual users within your organization interact with data.
Data Loss Prevention Best Practices
Determine your primary data protection objective:
- Are you trying to protect your intellectual property, gain more visibility into your data, or meet regulatory compliance? With a main objective in place, it’s easier to determine the most appropriate DLP deployment architecture or combination of architectures. The four main DLP deployment architectures are: Endpoint DLP, Network DLP, Discovery, and Cloud.
When Researching DLP Vendors, Establish Your Evaluation Criteria:
- What types of deployment architectures are offered?
- Do they support Windows, Linux, and OS X with feature parity?
- What deployment options do they offer? Do they provide managed services?
- Do you need to defend against mainly internal or external threats? Or both?
- Do you need to perform content- or context-based inspection and classification? Will your users be able to self-classify documents? Do you need a blend of multiple methods?
- Are you most concerned with protecting structured or unstructured data?
- Do you plan to see and enforce data movement based on policies, events, or users?
- What compliance regulations are you bound by? What new regulations are on the horizon?
- Who are their technology alliance partners and what technologies would you like to integrate with your DLP?
- How quickly do you need to deploy your DLP program?
- Will you need additional staff to manage your DLP program?
Clearly Define The Roles And Responsibilities
Start With A Clearly Defined Quick Win
Work Together With Business Unit Heads
Document Your Processes Carefully
Define Success Metrics And Share Reporting With Business Leaders
DLP Is A Program, Not A Product
Vocabulary
No new vocabulary
Conclusion
Data Loss Prevention is a program, NOT a product.