Kotak Mahindra Bank has initiated the DLP implementation across all business units in a phased manner and the implementation was started 6 months ago with critical business units. The solution monitors all channels, viz. Internet, Email and End point.
1. Proper strategy and planning are vital for successful DLP implementation.
2. Get management support for the Project. Identify the critical business units considered for DLP implementation.
3. Get the data classification in place which provides a substantial idea on the critical data assets (sensitive data) that needs to be protected.
4. Ensure that the Incident Monitoring and Management process is in place.
5. Start Small: Probably start monitoring two to three business units and get the incident management process and workflows in place. (It would be good if OU structure in Active Directory is aligned with Business Units)
6. Grow Carefully. Be sure you’re measuring not only what DLP Control wants you to measure, but that you’re also measuring how effective the solution is overall for your organization. Are you catching tons of false positives and few true positives? Do you have ways of measuring false negatives?
7. Periodic reviews is very crucial to identify the false positives/negatives and trending the alerts that are being thrown by the tool.
-With Agnelo Dsouza,CISO,Kotak Mahindra Bank on '7 Tips to DLP Implementation'