Product Group Tests

What makes DLP so hard?

by Peter Stephenson June 01, 2015

GROUP SUMMARY:

Data classification means tagging each data item in the organisation with a meaningful description.

Many products help assign classification when the data item is created, while classifying legacy data requires both identification and classification. Classification depends on assigning ownership and needs a classification scheme. Once a scheme is established, assign ownership, classify, and document thoroughly.

Pick a group within the organisation - IT security, privacy or any other group appropriate for the task - and assign all legacy data ownership to them. Going forward, the worker who creates a data item owns it and must classify it.

Simple is better - just tag each data item with a meaningful description that tells the item's sensitivity at a glance, e.g. three levels of classification: public, internal use and confidential.

Some data items scream out "confidential" - credit cards, personally identifiable information that could be used for identity theft or that must be protected by law. Tag these items and configure the DLP system to behave appropriately with the confidential data type.

Unlike the obvious candidates for confidential, the next layer may be harder to find. That means tuning your classification tool so that it knows what your policy - or the law - considers sensitive. 

Finally, tell your classification tool to find data items that your policy restricts to employee use, e.g. company phone books, then tag these.

This entire process is policy-driven. If you don't have a solid, well-defined classification policy, all of the above is for naught.

Now, implement. Data classification will tell users the sensitivity level of the item - and control the exfiltration of those items that should not leave the organisation or should be limited to privileged users. It is useful to be able to de-duplicate emails and documents, especially in large environments. Defining our DLP needs seems straightforward, but it has one little wrinkle: the DLP system needs to be compatible with our classification system. In other words, it needs to spot our classifications and behave in accordance with our policy requirements for that classification.

What that means, simply, is: If you have nothing, you should buy the two tools at the same time and ensure that they are compatible. If you have one and not the other, make sure of compatibility before you buy the remaining piece.
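The tag-then-enforce flow described above, as an added example that is not from the article or from any reviewed product. The markers for employee-only items, the `it-security` owner group and the egress rules in `dlp_allows` are assumptions standing in for an organisation's own policy.

```python
import re

LEVELS = ("public", "internal use", "confidential")  # the article's three levels
# Candidate card numbers: 13-19 digits, optional space or hyphen separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumed markers for employee-only items such as a company phone book.
INTERNAL_RE = re.compile(r"\b(?:phone book|staff directory)\b", re.I)

def luhn_ok(candidate):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    digits = [int(c) for c in candidate if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Most sensitive match wins; anything unmatched is public."""
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        return "confidential"
    if INTERNAL_RE.search(text):
        return "internal use"
    return "public"

def tag_item(text, creator=None, legacy_owner="it-security"):
    """Legacy items (no known creator) go to the designated owner group."""
    return {"owner": creator or legacy_owner, "classification": classify(text)}

def dlp_allows(tag, internal_destination, privileged_user=False):
    """Assumed policy: the DLP decision is driven only by the tag."""
    level = tag.get("classification")
    if level not in LEVELS:
        return False            # unknown or missing tag: fail closed
    if level == "public":
        return True
    if level == "internal use":
        return internal_destination
    return internal_destination and privileged_user

# Constructed sample items (4111 1111 1111 1111 is a well-known test number).
SAMPLES = [
    ("Card 4111 1111 1111 1111 exp 01/30", "alice"),
    ("Order ref 4111 1111 1111 1112", None),      # fails Luhn: not a card
    ("Company phone book, March edition", None),  # legacy item
]

if __name__ == "__main__":
    for text, creator in SAMPLES:
        tag = tag_item(text, creator)
        print(tag, "external send allowed:", dlp_allows(tag, False))
```

Because `dlp_allows` fails closed on any tag outside `LEVELS`, a classification tool that emits labels the DLP side does not recognise blocks everything it tags, which is the compatibility problem in miniature.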
