siliconindia logo
CIO City >>  Expert  >>  

Parvinder singh

"It is necessary to accurately detect all types of confidential data wherever the data is stored, copied, or transmitted and to ensure the highest accuracy."

Building an effective DLP program
DLP is not a fancy term, it is kind of necessity for the company to ensure IP, PII or any other confi dential data is protected. Data Prevention Technology is the key components in any company’s Information Security framework. Success of DLP Project depends on the approach; preferably it should be taken as Business initiatives rather taken as IT Initiative. However, in most of the case, if IT is driving it then ensure, business key stake holders are part of this initiative. Need to have more defi ned process before implementing DLP technology.

• Defining the DLP policies that are aligned with business objectives. This could be done by involving business in data profi ling and defi ning what data is to be protected
• Rigorous and regular monitoring of DLP incidents and accordingly fi ne tuning the DLP policies. This eliminates false positives, brings in productivity and enables focus on “actual” incidents.
• Effective incident management procedure to handle DLP incident that highlights a security breach

Max Life has undertaken DLP initiatives to address various issues as few are listed here:

a) Stay top of the compliance
Compliance is one of the key factor to implement DLP, We are obliged by various regulations to protect the data, and this technology help to with this we are able to it helps to protect critical information and to maintain compliance with privacy, PCI DSS, and other data protection regulations.

b) Enhanced and secured ubiquity
DLP enables always-on and ubiquitous work by securing and controlling information fl ows wherever the user is.

c) Centrally monitored security policy and enforcement
The DLP console is centrally managed under a global IT policy and provides workflow capabilities that distribute the responsibility of data protection to the entire business so that business units can set rules and manage enforcement. In a general context, DLP acts as a global responsibility tool with which business owners can act directly on security.

d) Address risks associated with outsourcing
Some of the processes of Max Life are outsourced to third parties. This brings with it the risk of having to extend Max Life information to extended community. The risk is effectively addressed with DLP monitoring the data that is shared with the third parties.

e) Enable incident investigation
At times, DLP serves as an important tool to investigate incidents in which traces of certain data are to be found out (Discovery feature). This enables to narrow the search and reduce the time taken for investigation.

MLI has deployed DLP to prevent data loss from all the gateways and end point. It is also necessary to accurately detect all types of confi dential data wherever the data is stored, copied, or transmitted and to ensure the highest accuracy.

• Endpoint agent with both discovery and prevention
• Broadest Discovery of stored data repositories
• Protection of stored data via policybased automation
• Network Prevent deployments in production
• Universal Policies with Accurate Detection across data types