Tip

DLP management tools and reporting: Key considerations

Installation and maintenance of a single centralized management console are key considerations for successful data loss prevention (DLP) management and deployment.

    Requires Free Membership to View

Many products today leverage a Web-based console, which tends to be simpler to access and maintain. All rules should be easily created and managed within this console, and all alerts should be easily represented and accessible here, as well. Rules should be able to be categorized based on data types, users, criticality and sensitivity of data, or system location. Any DLP system should support role-based access for administrators, management, auditors and other users. Integration with Active Directory and other Lightweight Directory Access Protocol user repositories should be considered a standard feature, and many DLP products now offer integration with two-factor authentication products and services. Any quarantined data or forensics traces, as well as incident workflow capabilities, should be easily accessed and configurable within the console interface.

More on data loss prevention products

Best data loss prevention tools

Understanding the ins and outs of data loss prevention

Four DLP best practices that lead to success

Most, if not all, DLP products available today support multiple "canned" compliance-focused reports out of the box. These should include PCI-DSS, HIPAA, Sarbanes-Oxley and any state-specific data privacy and protection laws. For many larger and international organizations, European Privacy Directives, BASEL II and III, and other reports will be valuable, too. In addition to the default compliance reports, many organizations will want to clone and modify these or create custom templates for internal policy reporting and aggregate reports. For many, the ease of creation and modification for customized reports should be a key feature when evaluating DLP management.

The variety of data loss prevention products today is steadily increasing. Some larger vendors offer product suites that encompass network and host-based DLP, while other DLP products are specifically focused on email or Web traffic. More are integrating newer capabilities such as encryption and forensic analysis features, and more organizations today are relying on enterprise DLP products as centralized incident detection and reporting consoles that may also integrate with existing event analysis and reporting tools.

Learn more on choosing DLP products in our guide.


About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst, instructor and course author; as well as a GIAC technical director. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. He is a VMware vExpert, has extensive experience designing and configuring secure virtualized infrastructures, and is the lead author of SANS Virtualization Security Fundamentals course. He has previously worked as chief security officer for Configuresoft; chief technology officer for the Center for Internet Security; and as a security architect, analyst and manager for several Fortune 500 companies. Additionally, Dave is the co-author of 
Hands-On Information Security from Course Technology.

This was first published in April 2013

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.