CA Community






This Blog
Syndication

DLP as a process

Published: January 18 2012, 07:38 AM
by Henk van der Heijden

 

I read with interest recently a paper from Forrester called ‘Rethinking DLP' by John Kindervag.

John made two observations about DLP strategies today:

1) strategies treat DLP as a product rather than an embedded function or process

2) most strategies focus on financial data such as cardholder information or personal identifiable information such as social security numbers in the US for example and forget IP

Treating DLP as something which can be addressed by a point product solution is doomed to fail, firstly because an organization is limited to focusing on the data itself, or only one potential data loss channel, such as removable media.

Most solutions on the market today are limited because they focus only on an end point -not allowing data to travel out through social media for example, or, by document type. How do you apply this approach to an excel file? You prevent financial information in an excel spreadsheet being sent via email by a financial clerk. But what about the CFO? Or what if we simply take a picture of the data source? This highlights the limitations of treating DLP as a point product solution; it's not a holistic approach and doesn't take into account other parameters such as the identity, the content and the context of the user.

Secondly the nature of the approach of Data Loss Prevention assumes the data is accessible in the first place. With a more holistic approach, that considers data protection combined with policies around identities and their access to data, this access assumption is not made.

Approaching DLP from a data protection perspective means implementing policies around identity and access management, giving the right people the access to the right data, and then knowing and understanding what they are doing with it. This approach negates the need for the silo end point DLP solutions which may prevent losses through certain channels, but may miss other channels for example. 

By the nature of this approach, an organization becomes more aware of the different types of data it may hold, because the data protection approach asks the questions of who has access to what data and what can they do with that data. Read more about Data Protection solutions and CA Technologies holistic approach here:

Content Aware Identity and Access Management solutions

 

 

Share this post:  
Leave a comment

 

By: Henk van der Heijden
Henk is responsible for Security Sales in Europe. He is an information security professional with over 24 years’ experience in IT sales and services. Henk has an illustrious history of producing results through new sales and business development both in the Netherlands and across Europe. In his previous...
Read More..

Comments:

No Comments

Leave a Comment

* An asterisk indicates a required field

* :  

:

* :  

 Submit