In addition to the network documentation, network access is necessary. The exact nature of the access will depend on how the company is deploying the DLP sensor. For a passive/monitoring-only deployment, you will need access to either a span port or network tap on the appropriate VLAN(s). This will enable the DLP sensor to monitor traffic without interfering with the traffic's flow across the network.
Alternately, for an active deployment, you will need a slightly different architecture. In this case, the network will actually be routing traffic through the DLP sensor. As such, work with the vendor and the networking team to find an agreeable routing protocol. In most cases, static routes will suffice.
Preparing the documentation and planning the network architecture ahead of time will not only speed up the deployment but also make it, ultimately, a more successful one.
For more information:
This was first published in March 2009