
Criticisms made of lax attitudes to data loss prevention tools


Data loss prevention (DLP) is only as effective as the person who sets and manages it.

Talking to SC Magazine, Michael Gabriel, director of the data protection practice at Integralis, said he had seen a transformation from an IT-centric to a more data-centric attitude within IT departments, and that there was a fresh acknowledgement of the need to get people who understand data to be better at handling it.

He said: “People move things and find things that they did not even know about and when you realise what your sensitive data footprint is you become less of a target. If you are not setting borders on where data should be, the borders are there and should be enforced by technology.

“Data loss prevention can tag data, you can use it to find information and add a third dimension.”

However, Gabriel claimed that a problem with the DLP tool is that it is a ‘bottom-up IT-centric approach’, with IT departments buying a solution and installing it without setting specific rules or automated procedures.

He said: “That does not work with DLP, it will deliver in-house policies and change the way you do processes. If it is not doing the job it is because you are not doing it right, you will get results if you implement properly.

“The attitude is that if you turn on enforcement, it starts disrupting business, so now it sits turned off or scaled back so much that it is doing very little. Also, if it is implemented with email encryption, it is all automated and it will look for exact data matching so false positives are kept down to a minimum.”

Gabriel added that DLP often enforces IT policy, but that this needs to be regularly considered, as ‘policy is not static and needs to change’. He said that there is a need to understand what the mandatory requirements are and to make sure businesses have those requirements addressed.

Neil McLachlan, security services manager at Onyx, said that there is often a misunderstanding over whether the ‘L’ in DLP stands for ‘loss’ or ‘leak’, and asked whether it was worth spending to get 90 per cent protection.

He said: “It has become a tick box culture, is there any point in putting DLP into an email gateway if someone can print a sensitive email off and put it into a briefcase and take it out of the building?”

Andrew Waite, security consultant at Onyx, said: “Until you get the basics right it is no good having it. You need to implement it right in the first place and not just tick a box. It is easy to be compliant and secure, but ticking a box is often just the baseline.”
