Security Manager's Journal: A rush to judgment on DLP deployment
Our manager gets funding for DLP deployment added to his current budget. But that budget expires in a few weeks.
I got most of what I asked for, and I got it early. Sounds good, right? Not so much.
In my planning for 2012, I requested budget for data leak prevention (DLP). I had reason to believe I had a decent shot at getting the funding. I have a mandate to protect the company's intellectual property, and DLP has been a hot topic within the executive ranks.
I just learned that I'll be receiving a portion of my budget request, but not in 2012. It's been tacked onto the remaining 2011 budget. That means I have to buy a DLP tool before the end of the year. It appears that the executives have been persuaded that DLP will be a valuable piece in our security arsenal, and they've decided that the sooner we implement it, the better. The good news is that executives in this company take information security seriously. The bad news is that they don't understand that there is great value in taking time to study a technology before making a decision. If you rush, you can end up with something that doesn't really address the issues you want to tackle.
My original plan was to hire two DLP analysts and to work with them on a proof of concept. The reduced budget means I can hire only one analyst, but the time crunch makes matters even worse. We only have two months to conduct a formal proof of concept -- two months that are packed with holidays. What's more, I don't have the budget or head count to support a comprehensive DLP deployment.
Such a deployment would combine network DLP with discovery and endpoint technology. With network DLP, you identify data for monitoring, and you are then alerted when any of it leaves the company, be it through Microsoft Exchange email, webmail, file uploads, social media, FTP or any other method. As the name implies, though, network DLP only monitors traffic on the network. If identified data is on a laptop and that laptop goes off the network, you're blind. Endpoint DLP extends the DLP policy to devices that can work off the network. Discovery DLP lets you determine where all sensitive information resides, and it alerts you when any of that information is moved or is someplace it shouldn't be.
With the budget and time frame I've been given, our initial deployment will be restricted to network DLP at our three largest sites. That's not 100% coverage, but it's pretty close. I'll also be able to make use of my own experience, since I've deployed DLP in the past with success.
In the next few weeks, we will conduct limited proofs of concept, asking vendors to set up environments for testing our use cases. That won't leave much time for us to make our choice, negotiate the price and get the contract reviewed by legal.
But if all of that happens in time, we can start the new year setting up our new tool. I expect to create some initial structured data rules that look for things like credit card numbers, Social Security numbers and some source code. I'll also include keywords such as code names for mergers or acquisitions we might be involved in, so the DLP system will look for those code names in all communications. For the unstructured data, I will create protected directories for each major business unit. The units will then identify all of their sensitive data and place a copy of it in their respective directories.
Once documents have been identified, we will monitor the networks for data leaving the network. Events will trigger a notification that will be sent to the person responsible for reviewing alerts and determining whether they warrant further action.
In other words, we will make the most of what we have been given. This week's journal is written by a real security manager, "Mathias Thurman," whose name and employer have been disguised for obvious reasons. Contact him at email@example.com.
Join in the discussions about security! computerworld.com/blogs/security
More by Mathias Thurman
- Security Manager's Journal: Another step toward eliminating data loss
- Security Manager's Journal: Siccing MDM on personal mobile devices
- Security Manager's Journal: An admin surfing on a server? That's a big no-no
- Security Manager's Journal: Time to tweak the security policies
- Security Manager's Journal: Found: 30 unmanaged servers that shouldn't be
- Security Manager's Journal: The ins and outs of extending DLP
- Security Manager's Journal: Move to hosted email opens new vulnerabilities
- Security Manager's Journal: Two big goals for 2014 budget won't require a lot of money
- Security Manager's Journal: When data classifications meet the real world
- Security Manager's Journal: Learning to let go and offshore
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts