|
The last major component of DLP solutions is endpoint agents to monitor use of data on the user's desktop. A "complete" agent theoretically monitors network, file and user activity such as cut and paste, but few real-world tools provide full coverage. Most products start with file monitoring for endpoint content discovery and to detect (and block) sensitive data transfers to portable storage. Rather than completely blocking USB thumb drives to protect data, an organization can use these tools to restrict file transfers based on content.
Endpoint DLP tools are starting to add more advanced protection, such as limiting cut and paste, detecting sensitive content in unapproved applications such as certain encryption tools, and automatic encryption based on content. Over time, they will increase the type and number of policies they can enforce and integrate more deeply into common endpoint applications.
MANAGEMENT & WORKFLOW
DLP solutions are dedicated to the business problem of identifying and protecting sensitive information. Ideally, an enterprise wants to establish a single policy for data protection and apply it throughout its environment--a key advantage of a full-time DLP solution over security tools with a DLP feature. DLP...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
suites centralize workflow for incident handling across the network, storage and endpoints, and provide user interfaces for technical and non-technical incident handlers. Many organizations find that compliance, legal and HR departments play just as large a role in policy enforcement as IT security.
Central policy management allows a user to define the content to protect--like a customer identification number--then apply different enforcement actions based on where the violation is triggered. You define the content once, and then build rules based on context. These policies are distributed throughout a DLP infrastructure, including the network, storage and endpoints. Policies apply differently to different users, are rated at different sensitivity levels, have violation count thresholds, and are assigned to specific business units or incident handlers.
For example, a policy could be set that says: "The customer relations team is allowed to email a single account number to a recipient, but block account numbers in any other channels or by any user. Only customer team members can store account numbers on their laptops, but only if encrypted. Account numbers cannot be transferred to portable storage, and are only allowed on these servers."
|
 |
|
