IT Security Purchasing Intentions 2013 - Europe

4/11

Rolling out Data Leakage Prevention (DLP)

ISSA-UK, a professional association for IT security professionals, advises organisations to start a Data Leakage Prevention [DLP] project with a pilot in a small, self-contained business area or function and to begin by detecting leaks only, rather than attempting to block them.

"Don't block anything until you know what you are dealing with and tune your policies based on that learning. Look for false negatives as well as false positives by creating lots of test scenarios, otherwise leakage of real sensitive data could occur," said Adrian Wright, vice president of research for the group.

According to Nigel Stanley, CEO at security consultancy Incoming Thought, DLP has been sold as the answer to all a corporate's problems when it came to data loss. But very quickly clients he worked with found it unwieldy and ineffective.

"Back in 2009 I suggested that DLP should be coupled with data encryption (DE) so that any gaps in a DLP solution should only see encrypted data going missing.

"Nowadays I see DE being the primary mechanism to prevent data loss instead of a DLP. But DE is problematic, as while encrypting data is trivial, the key management can become a burden very quickly. In clients I work with, I see DE in 95% and DLP in around 5%," he said.

Download our complete security survey results here.

View All Photo Stories

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close