
Samir Dani

"Access to corporate applications from anywhere, at any time and from any device is going to be the need for enterprises"

Building an effective DLP programme

Data Leak Prevention (DLP) is a complex yet very powerful tool, but only when it is deployed carefully. A successful deployment brings its real value to an organization. Below are some pointers that help build an effective DLP program.
• Set Clear Objectives: Decide whether you want to protect business information or inculcate discipline. This sets the right expectations and gives the team direction.
• Always Start Small: Start with one business unit or department. This helps you understand their challenges and take corrective measures before rolling DLP out to other departments.
• Create DLP Champions from Business Team: Creating champions from the business and involving them from the start helps you understand their concerns, set the right DLP policies, analyze DLP alerts and fine-tune them.
• Set Priorities: Classify your information, identify priorities and focus on them first.
• Don’t ignore it, analyze it: Unless it is configured properly, DLP will create more nuisance than benefit. Ignoring alerts can lead to leakage of confidential information even though the tool is deployed.
• Magic of Training & Awareness: Users are generally unaware of what is expected of them with respect to the information they handle. Training and awareness go a long way toward closing this gap.

Mobile devices to minimize threat, loss and risk
Access to corporate applications from anywhere, at any time and from any device is going to be the need for any enterprise. Hence, we need to treat and manage mobile devices just like any other device connected to our network. The points listed below help reduce overall risk when adopting mobile devices in an enterprise.

• Have Mobile Devices Strategy and Policy in Place: A mobile device strategy and policy are an important and good starting point for governing the use of mobile devices within an enterprise.
• Conduct Risk Assessment: The risks associated with the use of mobile devices vary for each enterprise. It is important that these risks are identified, analyzed and prioritized, and that measures are taken to minimize risk levels.
• Adopt Data-Centric Security: Mobile devices and their capabilities are going to change at a frequency that no enterprise will ever be able to keep up with. Hence, focusing on protecting business data and applications would minimize the threat of data loss.
• Control Access, Create Smart Apps: Mobile apps need to be smart enough to recognize who is accessing them, from which devices and from which locations. They should be able to distinguish normal transaction patterns from deviations.
• Virtualization or Containerization Works: These are proven methods that help keep business data isolated from personal data on mobile devices. They keep data encrypted, which minimizes the business impact of device loss or theft.