To implement DLP do we need to classify the documents as a mandate step ? DLP Vendors say Data classification is not required and it will be taken care by DLP Engine. However, on the other hand Tools like Titus, Klassify say that is important to classify the document. What is the best practice? Do we have industry bench mark?

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Votes: 0
Email me when people reply –


  • Debojit Moitra - I am using 14000 user end point DLP with keywords but I customised the report with Sql script

  • Kuljit  Hooda - In my experience DLP would not be able to achieve its objective if we don't classify. If the purpose is to log everything then you can go without classification but if purpose is to filter and act then classification is must.

  • Dilipkumar Mukundan - Without classification DLP project will never succeed.

  • Debojit Moitra - The vendor is confirming provided if you have proper keywords classification as high medium or low...then you can bypass the classification software but still classification sw installation is a better practice

  • Prabhakar Akela - Classification is good. Also it works on classification and default data leak elements too. Also key words to filter egress. It will learn and becomes more intelligent over a period of time.

  • S Sridharan - DLP will restrict the classified data based configuration. Unless you classify, DLP is useless.

This reply was deleted.