• United States



Why you should consider outsourcing DLP

Dec 10, 20205 mins
DLP SoftwareSecurity

Data loss due to insider threats is a growing problem, but many companies don't have the resources to support an in-house data loss prevention system. Outsourcing might be the answer.

Insider threats  >  Employees suspiciously peering over cubicle walls
Credit: Thinkstock

We accept the fact that the security operations center (SOC) responds to external security incidents, but people forget that incidents can also be internal. The number of such issues is growing every year. To track and prevent data leakage, it is important to use data loss prevention (DLP) systems. These are easiest to run based on the SOC model, transferring the support functions to the service provider.

The construction and development of a SOC is a continuous process that allows for the comprehensive protection of information. Unfortunately, SOCs are often presented as an out-of-the-box solution that will provide complete protection against data breaches with a single click of a button. The same situation is true with DLP systems, which are also expected to be out-of-the-box solutions that will solve problems that other information security systems have not been able to. Real-life cases show that this approach is wrong.

DLP as a service

No business owner wants to lose profits due to negligent (or malicious) employees. It has become particularly important to identify confidential data leak cases even to those companies that previously did not want to think about it.

In 2020, the COVID-19 virus gave a new impetus to information security outsourcing, including the maintenance of DLP systems by a third-party company. Security leaders realize that the cost of purchasing DLP systems may not be affordable even for large organizations that are ready to allocate necessary budgets. Therefore, a subscription-based model of purchasing DLP support services has started to gain momentum this year. This approach can save a lot of money. You do not need to purchase the system or the equipment needed to install it, and you don’t need to hire more people to work with the system.

Such a service will work similarly to a SOC format, as the service provider runs full technical support of the system and the infrastructure. This ensures the whole life circle of DLP activities, and the customer receives only the results of already processed events and decides whether to conduct internal investigations.

What’s required to work with DLP service providers

Before launching a DLP system, IT professionals must determine what information in the company is considered confidential and write it into internal regulations. After that, it is necessary to prepare documents related to the so-called legalization of the system in the company. Without the adoption of special regulations, it will be difficult to bring employees to justice in the event of an incident.

Moreover, consulting (or, rather, legal) support is required not only at the beginning of the journey but also at all other stages. If you decide to go all the way and sue the employee or contact the police, you need to prepare all evidence and documents properly.

Any company that plans to buy a DLP system needs support in three areas: technical, analytical, and legal. Without any of these areas, the system will either not work at all or will be ineffective. Any outsourcing company that provides DLP services must be ready to cover all these areas, too.

DLP-as-a-service payment models

Not all vendors are ready to change the years-old sales scheme where the price depends on the number of connected employees/seats, but some have started to offer pricing based on the type and quantity of scanned content/data. You can now get both subscription and perpetual licenses. And some vendors are ready to negotiate the price and offer corporate discounts. So, we may see a breakthrough in the well-established DLP market.

New approaches will help the joint efforts of vendors and outsourcing companies to offer full-fledged services, including those operating on the SOC format. Over time, this may help eliminate some negative sides of DLP systems that have to do with the complexity of their installation and operation.

Information disclosure risks

It is often psychologically difficult to outsource DLP support because it is not easy for some customers to assess information leakage risks coming from the service provider. IT managers are afraid that the service provider will become an additional risk factor. That is why many companies still prefer to use their own employees to manage DLPs.

However, this is not necessarily the approach, as even the obligations of the employee as described in the employment contract will not give a 100% guarantee that they will not allow the disclosure of information entrusted to them. The employment contract is designed to protect the employee, as many governments require this. However, with the contract that you sign with a service provider, both parties are equal in their rights and can discuss and fix mutually favorable conditions (fines, penalties, etc.).

If staff members of your company manage DLP, the company must have a complete package of regulations governing the confidentiality of information. A court will reject any claims against employees if they violated a rule that they know about only verbally from a supervisor or by email.

The outsourcing company is not interested in committing such violations because the services provided to the customer are the essence of its business. Major service providers make a lot of effort to check the reliability of their employees. These measures are usually much more significant than those that businesses take at their level.

Although the DLP market remains relatively narrow in terms of the number of specialized companies and people working in them, it is still important to pay attention to the outsourcing company’s reputation, the history of its relationships with other customers, and the duration of these relationships.


David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs and projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.

More from this author