Next Generation DLP
Do you already have a DLP (Data Loss Prevention) solution, or are you planning for one? The first choice you have to make is between a light DLP solution covering only certain channels and a full suite. We propose going for the full suite, since you might not yet know where you will need protection tomorrow. Plus, a DLP initiative is definitely not done when the infrastructure component can detect a possible loss or leak. Actually, that is where your DLP journey is about to start.
Light solutions, as well as solutions from silo providers (the big, the world-is-mine providers - you know which ones I mean - yes, those ;-), provide what we often describe as Feel-Well-Security. They give you the tick on your compliance dance card and that's it. Real protection of your assets - nay. Considering your business processes, organization and corporate culture - nope. Allowing the people who must do it to effectively process numerous incidents - rather not. That often results in a nice, failed infrastructure project: lots of money for an unusable system or, at best, a system that is expensive to operate.
Next generation DLP, as we see it, requires a product underneath that covers all your critical egress points (endpoints, web, mail, cloud etc.) - in the end, it does not matter how your assets got lost - gone is gone. In a world where the perimeter is increasingly difficult to find or define, zones where you allow sensitive information and zones where you do not are crucial. Protecting the "cloud" is not a challenge you want to take on. Therefore it is crucial to know your assets, protect your assets and make sure "need to have" is established. Nothing new, you say - partially correct. The bad news: power players like the big ones or the different x-forces all hold the same belief. Your data is safest when it is with them. That they are a risk themselves is blasphemy. But we live in a world where many countries have almost no choice to protect their interests other than blunt industrial espionage. Not very optimal foundations for a global economy.
Therefore, if you have something unique, you must take care of the protection yourself, because nobody else will (besides professional security consultants like us - obviously ;-). So define the perimeter (don't be too nice with your providers - they might be sorry when losing your data, but that is about all you get from them), establish your controls for the relevant assets and get ready to catch some fish. In our experience, you will catch some large ones soon. Now your DLP journey begins.
Read further in the soon-to-be-published next episode of this topic (you know it from TV series - the most interesting aspect is always in the next episode ;-)