Data Loss Prevention Dos and Don'ts

Data loss prevention tools provide powerful security capabilities - if used correctly

By Mary Brandel

Page 2

Evaluating and Implementing Data Loss Prevention

Here are critical dos and don'ts for evaluating and using DLP tools, based on input from CSOs and analysts:

DO think about network requirements. Nearly every DLP product claims to support Gigabit Ethernet speeds without packet loss or significant latency, according to Gartner; however, the company says, few products can actually function at gigabit speeds in a production environment. Here's what Gartner says companies need in terms of relevant sustained bandwidth.

Large: 200M bps to 500M bps

Medium: 50M bps to 200M bps

Small: Less than 50M bps

When Scott Mackelprang, vice president of security and compliance at Digital Insight, implemented a tool from Tablus, he worked intimately with network administrators. "Tablus sends out agents across the network, so they were afraid we'd clobber it," he says. "I'd advise people to involve the network people up front so they can dissolve those concerns up front." He says Tablus controls the movement of agents in a way that protects the network. DO figure out what you're trying to protect. Jon Oltsik, senior analyst at Enterprise Strategy Group, says, "It's important to start with some sort of requirement, some question you want answered." For instance, are you looking for access control violations, accidental data exposure issues or to reinforce policies? Are you mainly concerned with protecting private data, such as personally identifiable data, in order to comply with government regulations, or do you need to protect intellectual property that, if exposed, could damage your competitive advantage?

DO pilot DLP tools in your own environment before deciding which ones will work best for you, Oltsik says. "Everyone talks about how their detection is better than others, but there's no way to tell which one works better without running a few products side by side it in your environment, on your data, with a couple of your rules." See which ones come up with the most alerts and which have the most false positives and negatives. "If you don't, you're really taking a risk, no matter how good the canned presentation is," Oltsik says.

DON'T buy a data loss prevention product to guard against malicious activity such as data theft. According to Gartner, the tools are actually better at helping companies identify bad security practices and accidental data leakage. As the technology evolves toward combination host- and network-based products, it will deal more directly with the problem of malicious attacks, Gartner says. But current systems will stop only the most basic of criminal activities.