![]() Determine responsibilities: Every IT staff member must be involved in deployments so that they understand changes and can support customer questions.DLP solutions protect data at-rest and in-transit, so this planning step will discover endpoints and data storage points. ![]() Audit infrastructure: You need to know where data is stored and where it’s transferred.Use these standards to determine the ways data should be monitored and protected. Define security requirements: Compliance and other cybersecurity standards will also define the way DLP solutions are deployed.The business requirements will help start a plan that will create a smoother deployment process. Define business requirements: Before deploying a solution, you should define the business requirements behind the deployment strategy.Before deploying your DLP solution, here are a few tips to consider: Over time, a larger percentage of sensitive information will be included, with minimal disruption to business processes.Īs with any integration, DLP deployments need the right strategy to avoid costly mistakes and downtime. A successful pilot program will also provide options for expanding the program. By initially focusing on securing a subset of the most critical data, DLP is simpler to implement and manage. Some organizations will repeat these steps with an expanded data set or extend data identification and classification to enable fine-tuned data controls. This is in addition to controls to outright block risky data activity. Advanced DLP solutions offer user prompting to inform employees of data use that may violate company policy or increase risk. Employees often don’t recognize that their actions can result in data loss and will do better when educated. Once an organization understands when data is moved, user training can reduce the risk of accidental data loss by insiders. Train employees and provide continuous guidance ![]() As the DLP program matures, organizations can develop more granular, fine-tuned controls to reduce specific risks. Controls can target common behaviors that most line managers would agree are risky. At the beginning of a DLP program, data usage controls may be simple. ![]() The next step is to work with business line managers to understand why this is happening and to create controls for reducing data risk. Organizations need to monitor data in motion to gain visibility into what’s happening to their sensitive data and to determine the scope of the issues that their DLP strategy should address. It is important to understand how data is used and to identify behavior that puts data at risk. A robust DLP program must account for the mobility of data and when data is at risk. Examples include attaching data to an email or moving it to a removable storage device. In these cases, the data is often at highest risk at the moment it is in use on endpoints. There are different risks associated with data distributed to user devices or shared with partners, customers and the supply chain. Content inspection often comes with pre-configured rules for PCI, PII, and other standards. It examines data to identify regular expressions, such as Social Security and credit card numbers or keywords (example: “confidential”). Applying persistent classification tags to the data allows organizations to track their use. This means associating a classification with the source application, the data store or the user who created the data. DLP should start with the most valuable or sensitive data that is likely to be targeted by attackers.Ī simple, scalable approach is to classify data by context. The first step is to decide which data would cause the biggest problem if it were stolen. Every organization has its own definition of critical data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |