Security Management Strategies for the CIOInstallation and maintenance of a single centralized management console are key considerations for successful data loss prevention (DLP) management and deployment.
Requires Free Membership to View
Many products today leverage a Web-based
console, which tends to be simpler to access and maintain. All rules should be easily created and
managed within this console, and all alerts should be easily represented and accessible here, as
well. Rules should be able to be categorized based on data types, users, criticality and
sensitivity of data, or system location. Any DLP system should support role-based access for
administrators, management, auditors and other users. Integration with Active Directory and other
Lightweight Directory Access
Protocol user repositories should be considered a standard feature, and many DLP products now
offer integration with two-factor authentication products and services. Any quarantined data or
forensics traces, as well as incident workflow capabilities, should be easily accessed and
configurable within the console interface.
More on data loss prevention products
Best data loss prevention tools
Understanding the ins and outs of data loss prevention
Four DLP best practices that lead to success
Most, if not all, DLP products available today support multiple "canned" compliance-focused reports out of the box. These should include PCI-DSS, HIPAA, Sarbanes-Oxley and any state-specific data privacy and protection laws. For many larger and international organizations, European Privacy Directives, BASEL II and III, and other reports will be valuable, too. In addition to the default compliance reports, many organizations will want to clone and modify these or create custom templates for internal policy reporting and aggregate reports. For many, the ease of creation and modification for customized reports should be a key feature when evaluating DLP management.
The variety of data loss prevention products today is steadily increasing. Some larger vendors offer product suites that encompass network and host-based DLP, while other DLP products are specifically focused on email or Web traffic. More are integrating newer capabilities such as encryption and forensic analysis features, and more organizations today are relying on enterprise DLP products as centralized incident detection and reporting consoles that may also integrate with existing event analysis and reporting tools.
Learn more on choosing DLP products in our guide.
About the author
Dave Shackleford is founder and principal consultant with Voodoo Security; a SANS analyst,
instructor and course author; as well as a GIAC technical director. He has consulted with hundreds
of organizations in the areas of security, regulatory compliance, and network architecture and
engineering. He is a VMware vExpert, has extensive experience designing and configuring secure
virtualized infrastructures, and is the lead author of SANS Virtualization Security Fundamentals
course. He has previously worked as chief security officer for Configuresoft; chief technology
officer for the Center for Internet Security; and as a security architect, analyst and manager for
several Fortune 500 companies. Additionally, Dave is the co-author of Hands-On Information
Security from Course Technology.
This was first published in April 2013
Join the conversationComment
Share
Comments
Results
Contribute to the conversation