
Solving the DLP Puzzle: Survival Tips from the Trenches

By Bill Brenner, CSO
July 16, 2009 10:00 AM ET

CSO - It's no easy task implementing a data loss prevention (DLP) program when there's so much disagreement in the security community over what DLP entails. But those who've been through it have good news: It can be done.

Several IT security practitioners told CSOonline they achieved a reasonable DLP program once they stopped listening to vendors trying to sell so-called "DLP out of the box" products and focused instead on mixing myriad security technologies with training programs to help users defend themselves -- and, in turn, the companies they work for.

Though the people policies are pretty consistent across business sectors [see Solving the DLP Puzzle: 5 Ways Employees Spill Data], there's no one-size-fits-all approach to the technology side of things. There are common tools, mind you, but they are not assembled the same way in every enterprise [see Solving the DLP Puzzle: 5 Technologies That Will Help].

Finding what's right for the individual company

Chuck McGann, manager of corporate information security services for the U.S. Postal Service, has heard many a vendor pitch and found that even though they were pitching DLP, nothing they offered fit his individual needs.

"I have had too many conversations with vendors telling me how their products work, and they just don't meet my enterprise needs in terms of how they function in the pattern-matching and false-positive-reduction areas," he said.

For his part, McGann determined the technological part of his DLP program needed to address the following areas:

  • Keyword pattern matching
  • Auto quarantine for files that violate policy
  • The ability to specify and use certain combinations of data for matching
  • Exact data matching
  • Detection of specific data at rest and in transit
  • Robust reporting capability

Meanwhile, he determined he did not need to invest in additional encryption, ACL and data-in-transit-masking technology.

Saving users from themselves

While he agrees user awareness training is important, Career Education Corp. CISO Michael Gabriel decided his enterprise can only do so much to save users from themselves. Therefore, he went in search of technology that would address his particular needs. [Listen to the full interview with Gabriel in Deconstructing DLP: How One CISO Pulled It Off]

"Explaining everyone's role to them is much less of an issue if you can let technology minimize their role," Gabriel said. "Any time you rely on the end user to do something, you're likely to fail."

His journey into the world of DLP started with the search for e-mail encryption as a way to accomplish what he described above. He noted that he was the first Vontu customer in Chicago, implementing the vendor's Prevent product in 2005 as an integration with an Ironport MTA and the PGP Universal encryption gateway to provide his company with an automated e-mail encryption solution. By finding something that detects confidential information using exact data matching -- and automatically encrypts it when it is being sent to an authorized recipient -- he was able to meet a major piece of his DLP goals.
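The exact-data-matching and data-combination requirements on McGann's list, and the encrypt-or-block decision Gabriel describes, shown as an added Python example (not code from the article or from any vendor product). The keyed-fingerprint index, the records, the key, the addresses and all function names are assumptions constructed for illustration.

```python
import hashlib, hmac, re

KEY = b"constructed-demo-key"                  # assumption: per-deployment index secret
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # pattern stage: anything SSN-shaped
WORD_RE = re.compile(r"[A-Za-z]+")

def fp(value):
    """Keyed fingerprint of a normalized cell, so the index holds no plaintext."""
    norm = re.sub(r"[^a-z0-9]", "", value.lower())
    return hmac.new(KEY, norm.encode(), hashlib.sha256).hexdigest()

def build_index(records):
    """Map fingerprint -> set of (row id, field name) for every protected cell."""
    index = {}
    for row_id, row in enumerate(records):
        for field, value in row.items():
            index.setdefault(fp(value), set()).add((row_id, field))
    return index

def scan(text, index, min_fields=2):
    """Row ids for which at least min_fields distinct fields appear in text."""
    seen = {}
    for token in SSN_RE.findall(text) + WORD_RE.findall(text):
        for row_id, field in index.get(fp(token), ()):
            seen.setdefault(row_id, set()).add(field)
    return sorted(r for r, fields in seen.items() if len(fields) >= min_fields)

def verdict(text, recipient, index, authorized):
    """allow, encrypt (authorized recipient) or quarantine (anyone else)."""
    if not scan(text, index):
        return "allow"
    return "encrypt" if recipient in authorized else "quarantine"

# Constructed sample data: not real people, numbers or mailboxes.
RECORDS = [{"last_name": "Okafor", "ssn": "000-12-3456"},
           {"last_name": "Lindqvist", "ssn": "000-65-4321"}]
INDEX = build_index(RECORDS)
AUTHORIZED = {"payroll@partner.example"}

if __name__ == "__main__":
    msgs = [("Order 123-45-6789 shipped to Okafor", "x@other.example"),
            ("Okafor with 000-65-4321", "x@other.example"),
            ("Okafor, SSN 000-12-3456", "x@other.example"),
            ("Okafor, SSN 000-12-3456", "payroll@partner.example")]
    for body, rcpt in msgs:
        print(verdict(body, rcpt, INDEX, AUTHORIZED), "<-", body)
```

The first two messages are allowed: an SSN-shaped order number is not in the index, and a name paired with a different record's number does not satisfy the same-row combination rule, which is where a bare pattern match would have raised a false positive.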
