siliconindia logo
CIO City >>  Expert  >>  

S.Srikanth

"Implementing DLP in business means we can increase customer confidence and reduce risk with a strong data loss prevention strategy"

 

Building an effective DLP program
In recent years, an increasing number of high-profile data security breaches have made headlines. These events can not only expose a business to costly and devastating legal ramifications, they also can severely denigrate a brand-sometimes to the point of disrepair. Companies cannot afford to take this lack of data security lightly.

Complying with government regulation and securing sensitive information across the data life cycle can be challenging as well as costly.

With consumers and regulators demanding more control over sensitive data than ever, it is clear that-whether we are a security leader or a business line executive-now is the time for us to start better protecting our company’s customer data, core intellectual property, trade secrets, and regulated data.Organizations need to understand what controls are in place to protect sensitive data.

As most companies move toward deploying a DLP solution, they often realize that they could be getting more out of their existing controls. Many companies see that their disparate point solutions, which do not interoperate, are preventing them from achieving a maximum level of protection.

Key Components for successful DLP Program

a. Strategy-Decide on the desired result, develop a plan, and monitor progress
• Align DLP programs with overall data protection strategy
• Look for leaders, not silver bullets whilechoosing the DLP solution
• Obtain stakeholder buy-in across the organization
• Align key performance indicators (KPIs) with your overall data protection strategy

b. People-Increase resource effectiveness
• Assign roles and responsibilities
• Understand organizational culture
• Identify data owners

c. Process-Streamline, simplify, and standardize processes through the data life cycle
• Establish a data classification schema
• Conduct a data protection assessment
• Perform privacy impact analysis
• Develop enabling business processes

d. Technology-Use technology solutions to detect and prevent data loss
• Deploying solutions typically occurs modularly
• DLP technologies should be designed to address three distinct scenarios: data at rest, data in motion, and data at the endpoint
• Continuously tune policies

Implementing DLP in business means we can increase customer confidence and reduce risk with a strong data loss prevention strategy.

A well-architected DLP program can help us to achieve the below-
• Improve data classification schemes
• Gain an understanding of the data life cycle
• Enhance controls over access to sensitivedata
• Repair broken business processes

My point of view for DLP should be an effective solution which provides transparency over data use, controls sensitive data, and reduces the likelihoodand costs of a data breach.