5 Myths that are Killing your Data Loss Prevention Strategy

Background:

Although the need for data loss prevention has gained visibility among security and compliance communities in recent years, many organizations are still reluctant to adopt DLP programs. Often, this hesitation is based on a misunderstanding of the technology. The following are five of the top myths that detract from effective DLP strategy development.

2

Myth #1: DLP is not for the faint of heart

A common misperception about DLP is that it requires an enterprise-wide effort to begin.

While many organizations will migrate to comprehensive coverage over time, the most successful deployments start small and focused.

Include business process owners in the discussion to ensure their understanding and buy-in.

You can add another data category once the pilot DLP program is running smoothly.

3

Myth #2: My network will choke

Inspecting each data packet as it travels on the network isn’t necessary.

Instead, data should be classified as it is created or modified on the endpoint.

Once classified, add a persistent classification tag is to data.

Intelligent endpoint agents can read these tags and enforce usage rules based on data classification, user type, the requested action, and other contextual aspects of data activity.

This results in better visibility and control, without network latency.

4

Myth #3: DLP won’t work outside my network

Data loss prevention is simple to understand when applied to devices inside your network, but many believe it’s not effective outside the network or in virtual environments.

In fact, data-centric DLP works everywhere, because the protection is applied directly to data, not the device, network, or user account.

Applying DLP practices at the data level can automatically prevent sensitive data from leaving your network.

It can also force any data that does leave to be encrypted (and decrypted only by devices you manage) or restrict transfers to approved devices only.

5

Myth #4: Complicated content analysis is required

As discussed, content analysis examines file contents for specific patterns, such as social security and credit card numbers.

While this can be useful for PCI and HIPAA compliance, it isn’t a requirement for effective DLP.

Contextual awareness allows for a simpler means of classifying data automatically, simplifying classification and accelerating DLP adoption while preserving the privacy of employee communications.

Rather than examining data content, this method associates a classification with pre-defined contextual characteristics.

6

Myth #5: DLP will interfere with legitimate use of data and affect productivity

Modern DLP, applied at the data level, does not affect legitimate users following corporate policies.

Endpoint agents can classify data automatically and enforce policies transparently.

This data loss prevention approach will, if desired, block unauthorized use, but it can also be used in non-obtrusive ways, such as warning or prompting users about risky behavior.

This capability reinforces an organization’s security policies, and provides timely guidance that allows users to self-correct habits that put data at risk of loss.

7

Additional DLP Resources

8

Is your DLP program up to snuff? Use our Data Protection Vendor Evaluation Toolkit to find out:

Get the Data Protection Vendor Evaluation Toolkit

For more on data loss prevention and the fundamentals of data security, check out our Data Protection 101 Series:

Data Protection 101