Data Loss Prevention Tools Offer Insight into Where Data Lives

This article can also be found in the Premium Editorial Download "Information Security magazine: Does security make the grade in Windows Server 2008?"

Enforcing this kind of policy requires integration with enterprise directories and dynamic host configuration protocol (DHCP) servers to identify the user's location (system and IP address)--a critical feature to look for in the evaluation process. Role-based administration and hierarchical management ease management overhead and are particularly important in large deployments.
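
The lookup this integration performs, as an added example that is not from the original article or from any DLP product: an incident's source IP and timestamp are resolved to a system through DHCP lease history, then to a user through a directory record. The lease records, directory entries and the `attribute` function are constructed for illustration.

```python
from datetime import datetime
from typing import NamedTuple, Optional

class Lease(NamedTuple):
    ip: str
    mac: str
    start: datetime
    end: datetime

def ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed DHCP lease history: 10.0.5.23 is reassigned during the day.
LEASES = [
    Lease("10.0.5.23", "00:11:22:33:44:55", ts("2008-02-01 08:00"), ts("2008-02-01 12:00")),
    Lease("10.0.5.23", "66:77:88:99:aa:bb", ts("2008-02-01 12:30"), ts("2008-02-01 18:00")),
    Lease("10.0.5.40", "de:ad:be:ef:00:01", ts("2008-02-01 08:00"), ts("2008-02-01 18:00")),
]

# Constructed directory export keyed by the MAC registered to each managed system.
DIRECTORY = {
    "00:11:22:33:44:55": {"host": "LT-0142", "user": "asmith", "dept": "Finance"},
    "66:77:88:99:aa:bb": {"host": "LT-0311", "user": "bjones", "dept": "Engineering"},
}

def attribute(ip: str, when: datetime, leases=LEASES, directory=DIRECTORY) -> Optional[dict]:
    """Resolve an incident's source IP and time to a system and user.

    Returns None when no single lease covers the timestamp or the MAC is
    not in the directory, so the incident goes to manual review instead of
    being pinned on whoever holds the address now.
    """
    covering = [l for l in leases if l.ip == ip and l.start <= when < l.end]
    if len(covering) != 1:
        return None
    owner = directory.get(covering[0].mac)
    if owner is None:
        return None
    return {"ip": ip, "mac": covering[0].mac, **owner}

if __name__ == "__main__":
    for stamp in ("2008-02-01 09:15", "2008-02-01 12:15", "2008-02-01 14:00"):
        print(stamp, attribute("10.0.5.23", ts(stamp)))
```

The same address maps to two different users within one day, which is why the lookup has to use the lease that was active at the time of the violation rather than the current one.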

DLP policy violations are extremely sensitive and usually require a dedicated workflow. Unlike virus infections or IDS alerts, these incidents lead to employee dismissal or legal action. The heart of the DLP management system is the incident handling queue, where incident handlers see open violations assigned to them, take actions, and manage workflow for investigations. A good workflow interface eases identification of critical incidents and reduces incident handling time, management overhead and total cost of ownership.

Last year, a DLP customer chose its product ultimately on workflow. After narrowing the field to two vendors it considered equal in terms of technical features, the company selected the product with the workflow and interface its non-technical users (legal, HR and compliance) preferred.

Beyond policy management and incident handling, look for a tool that integrates well with existing infrastructure and includes robust management tools like incident archiving, backup, and performance monitoring. Since senior management and auditors might be interested in DLP activities, robust reports are needed for this non-technical audience and compliance support.


TESTING & DEPLOYMENT
After bringing in vendors for sales pitches and demonstrations, narrow the field to three or four and start a proof-of-concept trial. Preferably, place the tools side by side in passive monitoring mode on the network and test with representative policies. This allows a user to directly compare results for false positives and negatives, but is tougher to do with endpoint tools. Also test enforcement actions and integration into the infrastructure, especially directory integration. Finally, run the workflow past the business units involved with enforcement to ensure it meets their needs.

Organizations report that DLP deployments tend to go more smoothly than other security installations from a technical level, but it may take up to six months to tune policies and adjust workflow, depending on the complexity. Many find they only need part-time resources to manage incidents, but this varies based on the intricacy and granularity of policies. A 5,000-person organization, on average, only needs a half-time incident handler and administrator to manage incidents and keep the system running.


WHAT'S AHEAD
DLP tools are still fairly adolescent, which means they provide good value but are not as polished as more mature product categories. This shouldn't slow down deployments if you have data protection needs, but understand that the tools will evolve rapidly. Already, the market is transitioning from data loss prevention, focused on plugging leaks, to more-robust content monitoring and protection (CMP) designed to protect data throughout its lifecycle. CMP will eventually become one of the most important tools in the security arsenal.

This was first published in February 2008
