A New Guide to Implementing a Successful DLP Program
With an ever-expanding attack surface, organizations are at greater risk of having sensitive data leaked, according to Information Security Forum (ISF), which announced the release of its new digest, Data Leakage Prevention (DLP).
Intended to provide guidance to organizations looking to implement a successful DLP program, the paper offers tips on DLP deployment garnered from the experience of ISF members. The authors detail 10 key attributes of a successful program and try to impress that focusing solely on technology will likely be unsuccessful.
Because ISF members have reported that they experience greater success with DLP technologies when used within a dedicated DLP program, ISF recommends implementing a more structured approach to detect and prevent data leaks.
“DLP has gained in popularity as organizations recognize the importance of adopting a data-centric approach to security,” said Steve Durbin, managing director of ISF. “To fully realize the benefits that DLP can deliver, organizations need to take a structured and systematic approach to implementation that extends beyond simply installing DLP tools and technology. Our latest digest will help organizations to prepare, implement and maintain a DLP program, which achieves objectives and demonstrates risk reduction.”
Preventing data leaks is a greater challenge in today’s mobile workforce, particularly with the advent of cloud computing, but ISF said that implementing a DLP program can significantly reduce an organization’s risk of data leakage. According to ISF, DLP tools need to be implemented as part of a formal program supported by the right blend of people, process and technology when deployed in three phases: governance, preparation and implementation.
“A prerequisite of a successful DLP program is support from executive management and ongoing collaboration with business representatives,” continued Durbin. “By implementing a comprehensive DLP program that encompasses awareness training, tools, supporting technologies and other security controls, organizations can compensate for weaknesses in DLP technology and proactively manage the risk. By deploying DLP technology, organizations can be more vigilant in protecting data whilst ensuring that the right people have the right access to the right data at the right time.”
Source: Information Security Magazine