Companies must embrace a new way of thinking to better identify and protect sensitive information that could be leaked or disclosed. There is no longer such a thing as a ‘secure network perimeter.’ By ignoring this fact, organizations are passively making a choice between locking data down so tightly that it hinders productivity or relaxing controls to the point that it could result in the inability to mitigate a security breach.
Organizations have turned to data loss prevention (DLP) tools as the answer to security breaches. Existing DLP offerings do an admirable job of detecting and preventing unauthorized attempts to copy or send sensitive data. Yet they do not always provide a comprehensive security solution, because unstructured data, while easy to work with for the DLP user base, is also easily lost, leaked or stolen.
Sensitive content can be tricky for DLP solutions to identify after it has been saved or sent, as it may be encrypted or contain common words, vague patterns, or inexact input or context. Most DLP solutions produce false positives in these instances because, quite simply, DLP cannot always answer the important questions: 1) what data is truly sensitive; 2) who should have access to it; 3) how is the data to be handled; and 4) when should access be granted or revoked?
In this slideshow, Watchful Software has identified the top five reasons you should step up your data loss prevention strategy.
The Struggle Is Real
DLP can be error prone.
DLP struggles to identify and apply policies to unknown data formats, unstructured data (anything outside of a database) and encrypted content. With DLP, the IT team needs to foresee what could happen before it does and set policies that allow DLP to recognize a threat situation. DLP is powerful, but it needs to be told what to do, with every policy defined before the situation it covers occurs.
DLP is imprecise.
General rules, not specific data, are the strong suit for DLP. DLP initiatives can be hampered by false positives and event overload. If an admin needs to foresee every potential threat before it occurs to make DLP effective, the input needs to be specific. If the DLP setup is imprecise, a policy can be applied where it should not be, and false positives occur.
DLP requires time.
DLP initiatives can turn into long-term, never-ending projects, where specific policies have to be turned into automated rules for each identified threat. DLP initiatives require manual monitoring and regular policy updates to ensure that the security parameters are correct. Often, DLP initiatives are multi-year projects with policies that need to be fine-tuned on a regular basis.
Limited by Tunnel Vision
DLP can have a narrow focus.
DLP is not agile in enforcing access policies when data has crossed the perimeter and is outside the network defenses. DLP is like a security guard, protecting the doors. It will either stop or not stop elements from coming inside and breaching the perimeter. It will apply the policy on file and do as it instructs. This means that sometimes, threats can slip by the DLP protection in place.
Some Assembly Required
DLP requires knowledgeable users to optimize its functionality.
Unlike antivirus protection and firewalls, DLP is not a transparent security control. DLP applies the policies established for it, exactly as instructed. For a DLP solution to be optimally effective, operators must understand the specific rules it requires to function. End users need to be educated and trained to ensure it is used properly.
Because organizations may not fully understand the limitations of DLP, they often end up with a system that is never fully rolled out or widely used, or that in some cases is simply shelved. DLP must be fully understood and enhanced to ensure your data’s security risk is mitigated.