Our DLP product includes predefined rule sets to avoid data leaks that might be a violation of HIPAA or PCI DSS....
Is it really worth the time and effort to employ these rule sets?
Absolutely. Data loss prevention (DLP) products can play an important role in ensuring that sensitive data doesn't leave your organization without authorization. However, as with any security product, they require a certain amount of care and feeding if they are to be used effectively.
In the case of PCI DSS, DLP rules are especially effective because the standard focuses on the protection of payment card information, and the primary protected data element -- the primary account number -- not only follows a standard format but also ends in a check digit (computed with the Luhn algorithm) that shows whether a candidate number is mathematically valid. A DLP system can apply that check to every digit run it finds, discarding the large share of candidates that are order numbers, tracking numbers or other random-looking digit strings, and alert on the unencrypted transmission of card numbers with a high degree of accuracy. The check is a filter, not proof: any Luhn-valid digit string of the right length still matches, so products commonly combine it with issuer-prefix and context checks to push accuracy further.
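The following is an added example, not code from the original answer or from any DLP product: a minimal card-number rule in Python that finds digit runs of 13 to 19 digits (optionally separated by spaces or dashes, an assumed candidate format) and keeps only those that pass the Luhn check. The sample email text is constructed for the example and uses published test card numbers.

```python
import re

# Candidate primary account numbers: 13-19 digits, optionally separated by
# single spaces or dashes. The lookarounds stop the rule from matching a
# 13-19 digit window inside a longer digit run. (Format is an assumption
# for this example, not a statement about any product's rule set.)
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn check-digit test."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    # Walk from the rightmost digit and double every second digit; digits
    # that become two-digit values after doubling are reduced by 9.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalize(match_text):
    """Strip the separators so the candidate is a plain digit string."""
    return re.sub(r"[ -]", "", match_text)


def candidates(text):
    """Every digit run that looks like a card number by format alone."""
    return [normalize(m.group(0)) for m in PAN_CANDIDATE.finditer(text)]


def find_pans(text):
    """Candidates that also pass the Luhn check: the ones worth alerting on."""
    return [c for c in candidates(text) if luhn_valid(c)]


def scan(text):
    """Compare format-only matching with Luhn-filtered matching."""
    return {"candidates": candidates(text), "pans": find_pans(text)}


# Constructed sample message. 4111 1111 1111 1111 and 378282246310005 are
# well-known test card numbers; the other two digit runs are random-looking
# identifiers that a format-only rule would flag as false positives.
SAMPLE_EMAIL = (
    "Please charge 4111 1111 1111 1111 for the invoice.\n"
    "Order reference 1234-5678-9012-3456, tracking 1234567890123.\n"
    "Amex on file: 378282246310005.\n"
)

if __name__ == "__main__":
    result = scan(SAMPLE_EMAIL)
    print("format-only candidates:", result["candidates"])
    print("Luhn-valid card numbers:", result["pans"])
```

Of the four digit runs in the sample, only the two real test card numbers survive the Luhn filter; the order reference and tracking number are dropped without any keyword or context analysis.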
Using DLP products to detect the transfer of other sensitive information, such as health records protected by HIPAA, is trickier, because the information comes in many forms, including unstructured data, and carries no built-in validity check. That calls for a more thoughtful approach. Security professionals trying to prevent the unauthorized exfiltration of HIPAA-protected information should consider a combination of DLP tactics: keyword matching, analysis of sender and recipient information, and the tagging of specific files known to contain sensitive information. Even so, a DLP system used this way will likely produce more false positives than the simpler credit-card use case. Tagging sensitive documents can reduce that rate, but only if all sensitive information is clearly identified in advance and the tags survive across versions and derivative documents; an excerpt pasted into a new message loses the tag and falls back to the weaker keyword and recipient rules.
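As an added example (not code from the original answer or from any DLP product), the rule combination described above in Python: a message is checked for external recipients, for attachments that still carry a classification tag, and for PHI keywords, and the three signals are combined into an allow/alert/block decision. The organization's mail domain, the keyword list, the tag string and the keyword threshold are all assumptions chosen for the example, and the messages are constructed; the fourth one is a derivative excerpt whose tag has been stripped, showing the fallback the answer warns about.

```python
import re
from dataclasses import dataclass, field

# Assumptions for this example (not from the original page): the organization's
# own mail domain, a tiny PHI keyword list, the tag stamped into classified
# documents, and how many distinct keywords it takes before keyword matching
# alone raises an alert.
INTERNAL_DOMAIN = "example-hospital.org"
PHI_KEYWORDS = ("diagnosis", "medical record number", "mrn",
                "patient", "prescription", "icd-10")
CLASSIFICATION_TAG = "X-Classification: PHI"
KEYWORD_ALERT_THRESHOLD = 2


@dataclass
class Message:
    sender: str
    recipients: list
    subject: str
    body: str
    attachments: list = field(default_factory=list)  # (filename, text) pairs


def external_recipients(msg):
    """Sender/recipient analysis: recipients outside the organization's domain."""
    return [r for r in msg.recipients
            if r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN]


def keyword_hits(text):
    """Keyword matching: distinct PHI keywords present as whole words or phrases."""
    lowered = text.lower()
    return [k for k in PHI_KEYWORDS
            if re.search(r"\b" + re.escape(k) + r"\b", lowered)]


def tagged_attachments(msg):
    """Tag check: attachments that still carry the classification tag."""
    return [name for name, content in msg.attachments
            if CLASSIFICATION_TAG in content]


def evaluate(msg):
    """Combine the three signals into a decision with the reasons behind it."""
    ext = external_recipients(msg)
    if not ext:
        # Internal-only mail is not an exfiltration path for this rule set.
        return {"action": "allow", "reasons": [], "keywords": [], "external": []}
    text = "\n".join([msg.subject, msg.body] + [c for _, c in msg.attachments])
    hits = keyword_hits(text)
    tagged = tagged_attachments(msg)
    action, reasons = "allow", []
    if tagged:
        # A tagged document leaving the organization is a high-confidence hit.
        action = "block"
        reasons.append("tagged PHI document %s addressed to %s" % (tagged, ext))
    elif len(hits) >= KEYWORD_ALERT_THRESHOLD:
        # No tag to rely on: fall back to keyword density, which is noisier.
        action = "alert"
        reasons.append("PHI keywords %s addressed to %s" % (hits, ext))
    return {"action": action, "reasons": reasons, "keywords": hits, "external": ext}


# Constructed sample content. The excerpt is a derivative of the tagged
# referral with the tag (and the MRN) left behind.
TAGGED_REFERRAL = (
    "X-Classification: PHI\n"
    "Patient: J. Doe, MRN 00012345\n"
    "Diagnosis: ICD-10 E11.9\n"
)
EXCERPT_WITHOUT_TAG = "Patient J. Doe, diagnosis E11.9, please review before the call."

MESSAGES = {
    "internal_referral": Message("dr.lee@example-hospital.org",
                                 ["nurse@example-hospital.org"], "Referral",
                                 "See attached.", [("referral.txt", TAGGED_REFERRAL)]),
    "external_tagged": Message("dr.lee@example-hospital.org",
                               ["billing@partner-clinic.com"], "Referral",
                               "See attached.", [("referral.txt", TAGGED_REFERRAL)]),
    "external_derivative": Message("dr.lee@example-hospital.org",
                                   ["me@personal-mail.com"], "FYI",
                                   EXCERPT_WITHOUT_TAG),
    "external_newsletter": Message("comms@example-hospital.org",
                                   ["list@newsletter-host.com"],
                                   "Patient experience survey results",
                                   "Thanks to everyone who responded to the survey."),
}


def run_all():
    """Decision per sample message, keyed by the message name."""
    return {name: evaluate(msg)["action"] for name, msg in MESSAGES.items()}


if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(name, evaluate(msg))
```

The tagged referral is blocked outright when it goes to an outside domain, while the untagged excerpt of the same record only reaches the alert level on keyword evidence, and an outbound newsletter that happens to use the word "patient" once stays below the threshold. That gap between the tagged and derivative cases is exactly why tags have to be preserved across versions for tagging to lower the false-positive rate.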