Product Group Tests
What makes DLP so hard?June 01, 2015
Data classification means tagging each data item in the organisation with a meaningful description.
Many products help assign classification when the data item is created, while classifying legacy data requires both identification and classification. Classification depends on assigning ownership and needs a classification scheme. Once a scheme is established, assign ownership, classify, and document thoroughly.
Pick a group within the organisation - IT security, privacy or any other group appropriate for the task and assign all legacy data ownership to them. Going forward, the worker who creates a data item owns it and must classify it.
Simple is better - just tag each data item with a meaningful description that tells the item's sensitivity at a glance.. eg three levels of classification: public, internal use and confidential.
Some data items scream out "confidential" - credit cards, personally identifiable information that could be used for id theft or that must be protected by law. Tag these items and configure the DLP system to behave appropriately with the confidential data type.
Unlike the obvious candidates for confidential, the next layer may be harder to find. That means tuning your classification tool so that it knows what your policy - or the law - considers sensitive.
Finally tell your classification tool to find and tag data items that your policy -restricts to employee use, eg company phone books, then tag these.
This entire process is policy-driven. If you don't have a solid, well-defined classification policy, all of the above is for naught.
Now, implement. Data classification will tell users the sensitivity level of the item - and control the exfiltration of those items that should not leave the organisation or should be limited to privileged users. It is useful to be able to de-duplicate emails and documents, especially in large environments. Defining our DLP needs seems straightforward, but it has one little wrinkle: It needs to be compatible with our classification system. In other words, it needs to spot our classifications and behave in accordance with our policy requirements for that classification.
What that means, simply, is: If you have nothing, you should buy the two tools at the same time and ensure that they are compatible. If you have one and not the other, make sure of compatibility before you buy the remaining piece.
All products in this group test
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- The information security implications of M&A deals
- Cyber-security must reflect risk not just regulation
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success