
N K Swain

"It is important to understand and identify which control measures are important to the organization and how much impact the user will face"

Building an effective DLP programme

Data security breach incidents can expose a business to costly and devastating legal ramifications and can severely damage a brand, sometimes beyond repair.

Legal and regulatory authorities concerned with the protection of sensitive data are starting to impose stronger controls.

Companies are now serious about data security and are taking an interest in initiatives to protect sensitive data related to customers, core intellectual property, trade secrets and regulatory data.


Challenges:
• Building an inventory of such sensitive data within the organization and with third-party vendors.
• Keeping track of data leaving the organization’s network.
• Difficulty in ensuring the integrity of data once it reaches the intended recipient.
• Imposing controls with minimum impact on normal business processes.

A DLP program addresses the above issues, and its successful implementation depends on the following factors:
1. Strategy: Define what is expected of the program, develop a plan and have a monitoring process
A detailed data protection strategy includes various controls and protective measures at different points across the data life cycle, such as “Collection”, “Use”, “Transit”, “Storage”, “Archival” and “Disposal”. We need to address the security aspects for all three domains, i.e. “Data at rest”, “Data in motion” and “Data at Endpoints”.

2. People: Clarity on Role & Responsibility
It is the people who create and handle data. They understand the importance of their data in relation to the business. There should be clearly defined responsibility for the planning, design, implementation and operation of the DLP solution. For smooth and successful implementation, it is important to understand and identify which control measures are important to the organization and how much impact the user will face.

3. Process: Standardize processes through the data life cycle
The first and most important step is to identify sensitive data and assign a classification.
This establishes which data the business considers sensitive and guides the creation of the DLP policies and rules required to detect and respond to incidents.

4. Technology: Use technology solutions to detect and prevent data loss
DLP technologies are designed to address three distinct scenarios: data at rest, data in motion, and data at the endpoint. Protection techniques aimed at each of these scenarios offer distinct benefits and mitigate different types of risk. Continuous fine tuning of the policies is equally important for effective implementation.

A well-architected DLP program helps to:
• Effectively pinpoint the type and location of the data you want to protect.
• Understand the data life cycle: where data resides, what controls are in place, and how effectively those controls are protecting sensitive data.
• Enhance controls over access to sensitive data. It allows limiting the ability to view, modify, and change sensitive data to the employees who need that access to perform their routine job.