About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years of experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting, and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Tuesday, August 24, 2010

Myths of Data Loss Prevention (DLP)

Data Leak Prevention, Data Loss Prevention - it is all the same thing, and very important these days, yet do we really take it seriously? Do you really understand what DLP is? Do you want to block, or do you want to monitor? Either way, everyone needs a formal incident response.

Successfully using DLP to find & defend sensitive data depends on a few key items. First - get a handle on your data storage - get it organized and maintained. I would recommend some group policy and operational policy on data storage. I would also highly recommend data classification, data retention, and a robust archive solution.

DLP can help you reduce the number of data loss incidents, audit findings, and potential financial exposure. But more important - it may be the tool that lets you know you had an incident. It will help you enforce established policies, and also show other exposures so you can keep the policies accurate and effective.

DLP is not the cure-all for data loss. It is a tool to help you manage this huge effort, but it still comes down to monitoring, due diligence, employee honesty and integrity. I would also propose that many times data loss is not an intentional act, but an error. Employees not knowing where to store their data, putting a sensitive PowerPoint presentation out on FTP so they can get it from home to work on, and the list goes on. Keep your employee educational programs active and when you find these procedural errors - force the training issue.

I am amazed at times how unstructured data management really is in many companies today. One of your greatest assets is your data, yet we put very little effort into maintaining it. Now is the time!

DLP takes resources, commitment, financial investment and HR policy(s). It is not a plug-and-play tool - don't make that mistake.

Keep positive!

Scott Arnett
scott.arnett@charter.net
