Myth: DLP is for IT and it is an IT project | Truth: DLP is for the business and it is a business project
A DLP solution is implemented by IT for the business, in close association with the various business departments. DLP implementation requires strong upper-management commitment and support, in-depth involvement of middle management, IT operations, and the business/data owners of the various departments.
A DLP implementation project is destined to fail if it is treated merely as an IT project.
In short, the prime objective of DLP is to monitor and control sensitive/confidential/restricted information, whether it is at rest, in use or in transit.
There are three states of information that any DLP solution should handle: data at rest, data in motion and data in use.
DLP must be able to discover the various file types (spreadsheets, Word and PDF documents, etc.) wherever they reside: on end-user machines, file servers, databases, SAN or NAS storage and so on. Once such files are found, DLP must be able to open them and scan their contents to determine the specific type of information they hold, as defined by policy: credit card numbers, PAN card numbers, bank account numbers, customer details or other specific information. To accomplish this, DLP uses a crawler application that crawls through the various data stores in the network (machines, databases, etc.) to discover the information sets and develop fingerprints of them.
Discovering the locations and collecting the specific sets of information is critical for determining whether each location is permitted to store that information set under the business guidelines and policies.
To monitor information movement in the network, DLP uses network analyzers and sensors that capture and analyse network traffic. DLP must have Deep Packet Inspection (DPI) capability, which allows it to inspect data in transit and determine its contents, source and destination. If sensitive information is detected flowing to an unauthorized destination, DLP can alert the user, the manager and IT, and block the data flow.
Data in use refers to monitoring the data movements that end users perform on their machines, whether data is being copied to a thumb drive, sent to a printer, or cut and pasted between applications.
Implementing a DLP solution is a complex task and requires significant preparatory activities: policy development, directory service integration, workflow management, incident handling, business process analysis, assessment of the various types of information the organization uses, detailed inventories of the assets that carry sensitive information, data flow analysis and data classification. These activities require the deep involvement of the various business departments, data owners, stakeholders and the IT department.
Justify the requirement for the DLP solution in the organization with facts, trends and POC results.
Note: Quite often enterprises are unaware of all the types of information they possess and have limited knowledge of where their sensitive and critical information is located. It is therefore imperative to identify all types of sensitive information and their locations, and to classify them based on their sensitivity.
DLP rules operate on content and context awareness, hence understanding What, Who, Where and How is very important for DLP security policies:

| What | Who | Where | How | Action |
|---|---|---|---|---|
| Financial statement | Finance Dept | Personal Email | Mail Service | Block, Notify, Audit |
| Financial statement | Finance Dept | Tax consultant | Mail Service | Allow, Notify, Audit |
| Salary Statements | HR Dept | USB | Memory Stick | Block, Notify, Audit |
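As an added example (not code from the original post), the content-and-context evaluation behind the table above in Python: content detectors supply the "What" column (a Luhn-checked card-number pattern and the Indian PAN card format, both constructed here), and the table's rows become a lookup keyed on Who, Where and How. The keyword lists, the assignment of detectors to information types and the default action are assumptions.

```python
import re

# Content detectors for the "What" column; patterns constructed for this example, not from the post.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
PAN_RE = re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")  # Indian PAN card number format, e.g. ABCDE1234F


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test: drops digit runs that merely look like card numbers (fewer false positives)."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0


def has_card_number(text: str) -> bool:
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))


def has_pan(text: str) -> bool:
    return PAN_RE.search(text) is not None


def has_keyword(*words):
    pattern = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, words)), re.I)
    return lambda text: pattern.search(text) is not None


# Information types from the table, each fingerprinted by the detectors that identify it (assumed mapping).
DETECTORS = {
    "Financial statement": [has_keyword("balance sheet", "profit and loss"), has_card_number],
    "Salary Statements": [has_keyword("salary", "payslip"), has_pan],
}

# Context rules transcribed from the table: (What, Who, Where, How) -> actions.
POLICY = {
    ("Financial statement", "Finance Dept", "Personal Email", "Mail Service"): ["Block", "Notify", "Audit"],
    ("Financial statement", "Finance Dept", "Tax consultant", "Mail Service"): ["Allow", "Notify", "Audit"],
    ("Salary Statements", "HR Dept", "USB", "Memory Stick"): ["Block", "Notify", "Audit"],
}
DEFAULT_ACTIONS = ["Audit"]  # assumption: sensitive content with no matching rule is audited only


def evaluate(text: str, who: str, where: str, how: str) -> dict:
    """Return {information type: actions} for every sensitive type detected in text."""
    found = {name for name, checks in DETECTORS.items() if any(check(text) for check in checks)}
    return {name: POLICY.get((name, who, where, how), DEFAULT_ACTIONS) for name in sorted(found)}
```

Content that matches no detector returns an empty dict, so the engine stays silent on ordinary traffic; the Luhn step is what keeps a random 16-digit reference number from triggering the card rule.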
A high volume of false positives may cause productivity loss, hence a planned and systematic approach is very much needed. A black-box approach and the use of ready-made templates should be avoided.
Involve valid business users from all departments from the initial stage itself. Business users are the right people to take a quick decision on a false positive, and IT can then tune the rules and policies accordingly.
Proper placement of DLP components is critical, else you will certainly miss coverage of an important data stream. An up-to-date network diagram must be available to the DLP team so it can understand the flow of information in the network.
Tight integration between DLP and the directory service (AD or LDAP) is essential, else it will be difficult to trace the user in case of a violation.
This is a re-post of the blog originally published on CISO Platform
Link to original blog: http://www.cisoplatform.com/profiles/blogs/dlp-an-approach