Security Manager's Journal: A rush to judgment on DLP deployment
Our manager gets funding for DLP deployment added to his current budget. But that budget expires in a few weeks.
I got most of what I asked for, and I got it early. Sounds good, right? Not so much.
In my planning for 2012, I requested budget for data leak prevention (DLP). I had reason to believe I had a decent shot at getting the funding. I have a mandate to protect the company's intellectual property, and DLP has been a hot topic within the executive ranks.
I just learned that I'll be receiving a portion of my budget request, but not in 2012. It's been tacked onto the remaining 2011 budget. That means I have to buy a DLP tool before the end of the year. It appears that the executives have been persuaded that DLP will be a valuable piece in our security arsenal, and they've decided that the sooner we implement it, the better. The good news is that executives in this company take information security seriously. The bad news is that they don't understand that there is great value in taking time to study a technology before making a decision. If you rush, you can end up with something that doesn't really address the issues you want to tackle.
My original plan was to hire two DLP analysts and to work with them on a proof of concept. The reduced budget means I can hire only one analyst, but the time crunch makes matters even worse. We only have two months to conduct a formal proof of concept -- two months that are packed with holidays. What's more, I don't have the budget or head count to support a comprehensive DLP deployment.
Such a deployment would combine network DLP with discovery and endpoint technology. With network DLP, you identify data for monitoring, and you are then alerted when any of it leaves the company, be it through Microsoft Exchange email, webmail, file uploads, social media, FTP or any other method. As the name implies, though, network DLP only monitors traffic on the network. If identified data is on a laptop and that laptop goes off the network, you're blind. Endpoint DLP extends the DLP policy to devices that can work off the network. Discovery DLP lets you determine where all sensitive information resides, and it alerts you when any of that information is moved or is someplace it shouldn't be.
With the budget and time frame I've been given, our initial deployment will be restricted to network DLP at our three largest sites. That's not 100% coverage, but it's pretty close. I'll also be able to make use of my own experience, since I've deployed DLP in the past with success.
In the next few weeks, we will conduct limited proofs of concept, asking vendors to set up environments for testing our use cases. That won't leave much time for us to make our choice, negotiate the price and get the contract reviewed by legal.
But if all of that happens in time, we can start the new year setting up our new tool. I expect to create some initial structured data rules that look for things like credit card numbers, Social Security numbers and some source code. I'll also include keywords such as code names for mergers or acquisitions we might be involved in, so the DLP system will look for those code names in all communications. For the unstructured data, I will create protected directories for each major business unit. The units will then identify all of their sensitive data and place a copy of it in their respective directories.
Once documents have been identified, we will monitor the networks for data leaving the network. Events will trigger a notification that will be sent to the person responsible for reviewing alerts and determining whether they warrant further action.
In other words, we will make the most of what we have been given.
This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at firstname.lastname@example.org.