Our DLP product includes predefined rule sets to avoid data leaks that might be a violation of HIPAA or PCI DSS....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Is it really worth the time and effort to employ these rule sets?
Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Absolutely. Data loss prevention (DLP) products can play an important role in ensuring that sensitive data doesn't leave your organization without authorization. However, as with any security product, they require a certain amount of care and feeding if they are to be used effectively.
In the case of PCI DSS, DLP rules are especially effective because the PCI DSS standard focuses on the protection of payment card information; the primary protected data element -- the card number -- not only follows a standard format, but also contains a check digit that verifies whether a card number is mathematically valid. DLP systems can leverage this formula for the construction of credit card numbers to eliminate a large portion of false positives and send alerts about the unencrypted transmission of credit card information with a high degree of accuracy.
Using DLP products to detect the transfer of other sensitive information, such as health records protected by HIPAA, can be a bit trickier, as the information may come in many forms, including unstructured data. Such challenges require a much more thoughtful approach to DLP. Security professionals attempting to protect against the unauthorized exfiltration of HIPAA information should consider a variety of DLP tactics, including keyword matching, analysis of sender and recipient information, and the tagging of specific files that may contain sensitive information. However, it is likely that DLP systems used in this capacity will experience a higher number of false positives than the simpler credit-card use case. One potential way to reduce the false positive rate is by using a DLP system with the capability of "tagging" sensitive documents, but this depends upon having all sensitive information clearly identified in advance and having those tags preserved across versions and derivative documents.
Dig Deeper on Data Loss Prevention
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.