Manage Learn to apply best practices and optimize your operations.

Five supporting technologies for DLP products

Expert Bill Hayes examines five technologies that can complement data loss prevention products and improve enterprise security.

Data loss prevention (DLP) products can be an integral component of enterprise security programs because they can detect and stop potential exposures of sensitive data. But there are other supporting technologies that can complement DLP products and provide additional layers of data security for enterprises.

Here are the top five supporting technologies to extend information protection beyond an organization's DLP products.

Encryption

Email encryption and file encryption are powerful allies in any DLP effort. Look for encryption products that integrate with DLP products. Encryption can be used to protect files transported on mobile media and even prevent access to sensitive information by encrypting it where it lies when data at rest scanners find it in the wrong place.

Mobile device management

Mobile device management (MDM) products help address blind spots when DLP products do not have integrated protection for mobile devices. Look for MDM that integrates easily with DLP products and addresses a wide variety of mobile devices. MDMs can also be used to turn off a mobile device's camera when it is within the site perimeter where sensitive information is located.

Role-based access control

Email encryption and file encryption are powerful allies in any DLP effort. Look for encryption products that integrate with DLP products.

Role-based access control (RBAC) allows access control administrators to grant access to sensitive information based on employee job duties, and naturally enforces separation of duties. This is particularly important in preventing access rights creep, where users retain access to sensitive information even when job duties change. RBAC features are integrated into applications, such as MS Exchange, Oracle DBMS, Microsoft Active Directory and SELinux.

Digital rights management

Think of digital rights management, particularly information rights management (IRM), as possessing a limited subset of DLP capabilities. IRM products often address only a particular type of information sharing through specific applications such as Microsoft Office, Exchange/Outlook and SharePoint. They can keep an unauthorized user from accessing sensitive information through commonly attempted methods, but may not be able to address more sophisticated theft attempts through malicious software, such as key loggers, screen captures, or copy and paste efforts.

Secure file sharing

Employees often opt for a cloud-based file-sharing site because of its convenience for external entities. However, there are cloud-based products, such as Proofpoint Secure Share, that keep sensitive information in an organizations control, while still making file sharing convenient. This makes it less likely that employees will go looking for risky workarounds when other security measures prevent business-related information exchanges.

Next Steps

Learn how to keep track of sensitive data with a data flow map

Find out how to create a data classification policy before deploying DLP products

This was last published in September 2015

PRO+

Content

Find more PRO+ content and other member only offers, here.

Buyer's Guide

Choose the right DLP tools to help execute your DLP strategy

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you use any supporting technologies to complement your DLP products?
Cancel
One of the critical foundations of any successful DLP programme is the application of data classification either before or in parallel to the DLP solution implementation. By providing meaningful classification values in the form of metadata, DLP rules can be configured to understand and action these values - making the overall DLP progress more efficient and effective. It would have been good to see Data Classification represented here as a core foundation, given its prominence not only with the likes of Forrester and Gartner, but also the primary DLP vendors who are actively promoting how Data Classification can help enhance DLP solutions.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...

Close