Planning to set up a Data Leakage Prevention (DLP) system for your company? With DLP systems costing as much as they do, its common for security managers to think of these new contraptions as the elixir of all their headaches.
Just before you start attaching too much expectations to your DLP, its better to get an insight of what a DLP system is capable of – and more importantly what its not capable of.
DLP is essentially targeted at risk reduction, not truly elimination of threats. System admins have to be careful of the nature of security they are deploying, misdirected policies are likely either raise too many false alarms or too little.
Identify your sensitivity areas, categorize possible threats based on your organizational structure. While it may not be very alarming to have some one from the HR to have a list of all your employees, the same list in the hands of someone from, say, the marketing department should be very alarming. Whereas an attempt to copy or email the same from anyone should automatically trigger an alarm.
Hence simpler the policies, the more effectively your system reacts, for example, address personal info of employees in one rule, another for customer credentials, yet another to deal with pricing archives.
Once you have your policies defined, its time to test them and make some fine adjustments as well to optimize your response. One of the biggest hurdles to an effective implementation of a DLP is improperly defined user groups. In a system that relies heavily on your classification of users on the basis of their priveliges, it’s important that you keep the directory structure as straight forward as possible.
And finally, one thing that we can’t emphasize enough on, is to test, test and retest your DLP configurations, these will truly let you gauge the capability of your DLP installation.