10 Requirements of Data Loss Prevention Part II
In my last article, we discussed the first five requirements of Data Loss Prevention (DLP), including accurate identification of data; the ability to address data whether at rest, in use or in motion; both content and context analysis; an advanced policy framework; and robust workflow and reporting.
The remaining five requirements of an effective DLP solution are as follows:
6. It must be manageable
In order to be effective, a solution must be easy to deploy and manage, with a wealth of wizards and policy templates. It will also offer Web-based administration with role-based access and control, so multiple users can log on to the system concurrently and yet have different views depending on their role in the organization. Finally, it will offer centralized management of all product modules, even in a distributed environment, without having to purchase and deploy a separate management system.
7. It must be scalable
A DLP solution must easily scale with a growing enterprise and include features such as high availability, load balancing, and archiving. DLP technologies must be able to perform continued deep content inspection amidst spikes in traffic, and consolidate events on the network and endpoint across a distributed organization. Finally, the solution must have a flexible architecture so that it can meet the constraints of a non-standard deployment.
8. It must integrate with a wide range of technologies
Organizations today use a variety integrated security and networking tools. A DLP solution must maximize and extend these tools, including directory services, mail, Web filtering, proxy, SIEM, ticketing, and encryption. Integration creates efficiencies and eases system management. A DLP technology should be able to manage policies by users in directory services, automatically route mail to an encryption gateway, and create tickets within support desk systems.
9. It must be from an experienced and reliable vendor
The DLP market has consolidated over the last two years. Security vendors have acquired the most mature and comprehensive solutions leaving behind a few remaining startups faced with a challenging economy. It’s important that the solution purchased be from a reputable vendor with a strong cash flow and balance sheet. In addition to financial strength, the vendor should be technologically strong and be able to demonstrate a history of and roadmap for investment in DLP technology, validated by customer acquisition and references.
10. It must have a reasonable cost of ownership
A DLP solution must provide a reasonable return on investment and cost of ownership. This can sometimes be difficult to quantify since DLP technology is a risk management tool. When evaluating DLP, management must fully weigh the cost of the solution, not just acquisition and deployment costs, against a quantified risk. A full cost analysis will include costs of ongoing management, maintenance, and remediation, as well as the impact to other systems and processes that may require attention to support the solution’s operational readiness.