Toolbox

Data Loss Prevention Dos and Don'ts

Data loss prevention tools provide powerful security capabilities - if used correctly

By Mary Brandel

Page 4

"Understanding network activity is the first step to knowing what to do to improve your overall security program," he says. "Going in blind and installing prevention at the desktop won't give you the visibility you want."

DO inform your employees they're being monitored. Not only does this let employees know what you're capable of doing, but it also teaches them what they need to do to protect sensitive data. After deploying a tool from Vericept, Sharon Finney, information security administrator at DeKalb Medical Center in DeKalb County, Ga., says the healthcare organization disclosed to employees that it fully monitors every piece of data that crosses the network, internally and externally, even requiring employees to sign a form saying they understand this.

DO make sure the tool has built-in capabilities to detect what is most important to you. When Finney went looking for a DLP tool four years ago, the main motivation was compliance with HIPAA, as well as monitoring employee Web use. "We allow some limited personal use of the Web, so we assumed a certain amount of risk in terms of what people posted to external Web sites or attached in their e-mail," she says. That's why Finney chose a tool that could monitor Web use and had built-in HIPAA rules.

DO consider data at rest. The main reason that Mackelprang decided to deploy Tablus was not to see sensitive data flowing over the network or outside the enterprise but to see what was sitting on people's desktops. "Such a large percent of data that gets exposed is on stolen laptops, when people didn't even know the data was on there," he says. "It's bad processes, not ill intent."

DO find a tool with lots of flexibility in terms of data handling. At DeKalb, Finney plans to start using the blocking capabilities of the Verdasys tool, but she also wants to use its self-compliance feature. When the tool flags sensitive data, it gives users options on actions they can take, like encrypting the data. "Some people think blocking is disruptive, but we allow users the ability to do what they think needs to be done with the information."

Mackelprang is also happy with the fact that Tablus allows him to quarantine data, encrypt it, quarantine and encrypt it or just alert him of a breach. "If you're just starting out, you might want it to just alert you for a while until you educate users to change their process, and then later, after they're sensitized, if there's a clear violation, you can crack down," he says. "It allows the tool to grow with maturity."
