Our DLP product includes predefined rule sets to avoid data leaks that might be a violation of HIPAA or PCI DSS....
Is it really worth the time and effort to employ these rule sets?
Absolutely. Data loss prevention (DLP) products can play an important role in ensuring that sensitive data doesn't leave your organization without authorization. However, as with any security product, they require a certain amount of care and feeding if they are to be used effectively.
In the case of PCI DSS, DLP rules are especially effective because the standard focuses on the protection of payment card information; the primary protected data element -- the card number -- not only follows a standard format, but also contains a check digit that verifies whether a card number is mathematically valid. DLP systems can use this check-digit formula to eliminate a large portion of false positives and send alerts about the unencrypted transmission of credit card information with a high degree of accuracy.
Using DLP products to detect the transfer of other sensitive information, such as health records protected by HIPAA, can be a bit trickier, as the information may come in many forms, including unstructured data. Such challenges require a much more thoughtful approach to DLP. Security professionals attempting to protect against the unauthorized exfiltration of HIPAA information should consider a variety of DLP tactics, including keyword matching, analysis of sender and recipient information, and the tagging of specific files that may contain sensitive information. However, it is likely that DLP systems used in this capacity will experience a higher number of false positives than the simpler credit-card use case. One potential way to reduce the false positive rate is by using a DLP system with the capability of "tagging" sensitive documents, but this depends upon having all sensitive information clearly identified in advance and having those tags preserved across versions and derivative documents.
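The check-digit test described above for the PCI DSS case is the Luhn algorithm. The following sketch is an added example, not code from this article or from any DLP product; the pattern, function names and sample message are constructed for illustration. It shows how a format match alone flags every 16-digit string, while the check digit suppresses the ones that cannot be card numbers.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by a space or hyphen.
CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so the alert itself leaks no full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scan(text: str):
    """Return (alerts, suppressed): format matches that pass / fail the check digit."""
    alerts, suppressed = [], []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        (alerts if luhn_valid(digits) else suppressed).append(mask(digits))
    return alerts, suppressed


# Constructed sample message; the two valid numbers are widely published test
# card numbers, the other two are made-up reference numbers of the same length.
SAMPLE = (
    "Invoice ref 4111111111111112 shipped Tuesday.\n"
    "Customer card: 4111 1111 1111 1111, exp on file.\n"
    "Tracking no. 1234567890123456 left the depot.\n"
    "Backup card 5555-5555-5555-4444 per phone call.\n"
)

if __name__ == "__main__":
    alerts, suppressed = scan(SAMPLE)
    print("alert:", alerts)
    print("suppressed as false positives:", suppressed)
```

A random 16-digit string still passes the check about one time in ten, so the check digit reduces false positives rather than eliminating them.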