Care To Invest In Data Loss Prevention
Organizations underestimate the need for the involvement of non-IT units.
Prevention against data loss (DLP or "Data Loss Prevention"), normally provided by the manufacturers together with network appliances, continues to be a very expensive technology, which compels organizations to spend money on parts that never get to use or even install. And, although the adoption of DLP systems by companies is often motivated by the risk analysis, the department ultimately implement the solution without involving the business divisions of the organization.
The involvement of other divisions of the company such as human resources and finance department, is essential for the effective establishment of policies and interaction with employees whose behavior data sharing will be monitored by the DLP hardware or the software in use.
The DLP Doesn't Manage The IT Data, Only Compliance
DLP technology can be used to protect sensitive customer information, such as details of their payment cards and medical records, preventing them from being transmitted in an unauthorized manner (e.g: unencrypted) or can be also used to monitor loss of important intellectual property.
Organizations underestimate the need for the involvement of non-IT firms units. In many cases, enough to not even be appropriate IT to determine what DLP systems must report in terms of compliance, but the truth is that the practical use of DLP monitoring does not pass often by the right people.
Although the products offered by manufacturers have greatly improved over time in terms of the number of false positives they generate in comparison to what happened two years ago, the price of solutions continues exaggerated. This is especially relevant in relation to network appliances DLP and detection of the most sophisticated tools, which Gartner categorizes as "Enterprise DLP" in which DLP software agents - that is, the networking tools and detection - are used across the organizations.
The purchase of these solutions by enterprises is often based on costs, confusing and overly detailed for organizations that quickly raise the final bill. The good news is that the price of DLP systems for terminals dropped considerably in the last two years, having risen from a few hundred to tens of dollars. However, the price of network appliances and detection tools not changed.
What we've learned over the past five or six years is that organizations seem to buy more than they really need DLP, ultimately did not deploy in time of all the components that have acquired.
Weaknesses Of DLP
The inconvenient truth about DLP is that it is almost always used to monitor only the mistakes or bad behaviors of employees with regard to the transmission of data, and not to block these actions. The cost of supporting the blockage of these transmissions may be too burdensome for companies, as well as network utilization. But only use the DLP technology for monitoring tasks is not necessarily a bad thing, since many companies find that automatic warnings generated can help their employees to correct their behavior. It may even be more productive than having a system that simply block the action.
DLP technology has several weaknesses. Among them, the fact can not filter encrypted content, since it is not able to decode them, and also not filter contents as CAD diagrams, charts, images or other non-text formats. In addition, manufacturers also provide support to resist Mac, Linux or Unix operating systems.
Customers DLP solutions must take into account also that the options that can connect them take a long time to a supplier. Typically, DLP policies are individualized by manufacturers. In other words, it is not possible to get a policy and apply it to products from another manufacturer. However, this scenario is likely to change in coming years if there is greater pressure to normalize the XML-based formats.