Choose the right DLP tools to help execute your DLP strategy
A collection of articles that takes you from defining technology needs to purchasing options
Data loss prevention (DLP) products can be an integral component of enterprise security programs because they can detect and stop potential exposures of sensitive data. But there are other supporting technologies that can complement DLP products and provide additional layers of data security for enterprises.
Here are the top five supporting technologies to extend information protection beyond an organization's DLP products.
Encryption
Email encryption and file encryption are powerful allies in any DLP effort. Look for encryption products that integrate with DLP products. Encryption can protect files transported on mobile media, and it can even prevent access to sensitive information by encrypting it in place when data-at-rest scanners find it in the wrong location.
Mobile device management
Mobile device management (MDM) products help address blind spots when DLP products do not have integrated protection for mobile devices. Look for an MDM product that integrates easily with DLP products and supports a wide variety of mobile devices. MDM products can also be used to turn off a mobile device's camera when it is within the site perimeter where sensitive information is located.
Role-based access control
Role-based access control (RBAC) allows access control administrators to grant access to sensitive information based on employee job duties, and naturally enforces separation of duties. This is particularly important in preventing access rights creep, where users retain access to sensitive information even when job duties change. RBAC features are integrated into applications, such as MS Exchange, Oracle DBMS, Microsoft Active Directory and SELinux.
Digital rights management
Think of digital rights management, particularly information rights management (IRM), as possessing a limited subset of DLP capabilities. IRM products often address only a particular type of information sharing through specific applications such as Microsoft Office, Exchange/Outlook and SharePoint. They can keep an unauthorized user from accessing sensitive information through commonly attempted methods, but may not be able to address more sophisticated theft attempts through malicious software, such as key loggers, screen captures, or copy and paste efforts.
Secure file sharing
Employees often opt for a cloud-based file-sharing site because of its convenience for external entities. However, there are cloud-based products, such as Proofpoint Secure Share, that keep sensitive information in an organization's control while still making file sharing convenient. This makes it less likely that employees will go looking for risky workarounds when other security measures prevent business-related information exchanges.