|
Enforcing this kind of policy requires integration with enterprise directories and dynamic host configuration protocol (DHCP) servers to identify the user's location (system and IP address)--a critical feature to look for in the evaluation process. Role-based administration and hierarchical management ease management overhead and are particularly important in large deployments.
DLP policy violations are extremely sensitive and usually require dedicated workflow. Unlike virus infections or IDS alerts, these incidents lead to employee dismissal or legal actions. The heart of the DLP management system is the incident handling queue, where incident handlers see open violations assigned to them, take actions, and manage workflow for investigations. A good workflow interface eases identification of critical incidents and reduces incident handling time, management overhead and total cost of ownership.
Last year, a DLP customer chose its product ultimately on workflow. After narrowing the field to two vendors it considered equal in terms of technical features, the company selected the product with the workflow and interface its non-technical users (legal, HR and compliance) preferred.
Beyond policy management and incident handling, look for a tool that integrates well with existing infrastructure and includes robust management tools like incident archiving, backup, and performance monitoring. Since senior management and auditors might be interested in DLP activities, robust reports are needed for this non-technical audience and compliance support.
TESTING & DEPLOYMENT
After bringing in vendors f...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
or sales pitches and demonstrations, narrow the field to three or four and start a proof-of-concept trial. Preferably, place the tools side by side in passive monitoring mode on the network and test with representative policies. This allows a user to directly compare results for false positives and negatives, but is tougher to do with endpoint tools. Also test enforcement actions and integration into the infrastructure, especially directory integration. Finally, run the workflow past the business units involved with enforcement to ensure it meets their needs.
Organizations report that DLP deployments tend to go more smoothly than other security installations from a technical level, but it may take up to six months to tune policies and adjust workflow, depending on the complexity. Many find they only need part-time resources to manage incidents, but this varies based on the intricacy and granularity of policies. A 5,000-person organization, on average, only needs a half-time incident handler and administrator to manage incidents and keep the system running.
WHAT'S AHEAD
DLP tools are still fairly adolescent, which means they provide good value but are not as polished as more mature product categories. This shouldn't slow down deployments if you have data protection needs, but understand that the tools will evolve rapidly. Already, the market is transitioning from data loss prevention, focused on plugging leaks, to more-robust content monitoring and protection (CMP) designed to protect data throughout its lifecycle. CMP will eventually become one of the most important tools in the security arsenal.
|
 |
|
