LOOKING TO AUGMENT YOUR DLP PROGRAM? TRY MANAGED SERVICES
Too often, businesses purchase DLP in an effort to check a regulatory box. The investment is made, DLP is physically implemented, then no one ever looks at it again. This common misuse of the program does little to improve security. In fact, it’s akin to throwing money down the drain. DLP needs attention to meet its usability potential. Generated incidents must be reviewed regularly to identify broken business processes, malicious insiders, and other data breaches. Particularly in the early stages, time and expertise are required to review incidents and perform policy tuning.
DLP is not a core competence of most organizations and failing to understand its characteristics can have a significant negative impact on DLP performance. Organizations trying to implement DLP without support frequently end up with detection blind spots, disrupted business processes, and – most notably – a significant time lapse before DLP unfolds to its full potential. In the meantime, the reputation of DLP as a useful risk mitigation tool suffers, further complicating implementation because of poor employee acceptance and management resistance.
THIS IS WHERE MANAGED DLP SERVICES COME INTO PLAY
Managed Data Loss Prevention (MDLP) Services is a strategic partnership between an organization and an MDLP Service provider, governed by Service-Level Agreements. In essence, MDLP allows a business to outsource its DLP activities to an experienced third party to capture the true value of DLP. Infolock’s Managing Partner Sean Steele defines MDLP as a “boutique, niche” service, and it is precisely these two characteristics that make Managed DLP Services so valuable:
Boutique: DLP needs to be customized to reflect the organizational structure, network architecture, and sensitive data requirements unique to each organization.
Niche: DLP is a highly-specialized software suite. It is usually not part of a general IT or InfoSec specialist’s repertoire, and extensive training is necessary to become proficient with this complex solution.
Going the MDLP route has multiple advantages. During implementation, well-trained analysts act as subject-matter experts to explain DLP capabilities and limitations. In the operation stage, they use their expertise to review generated incidents and fine-tune policies for better detection rates.
One powerful benefit of utilizing an MDLP service provider stems from the fact that the provider’s analysts work in multiple environments at the same time. This gives them an extensive overview regarding industry-wide trends, general false-positive creators, and client-specific anomalies. Experiences gained from one environment can easily be applied to other clients where applicable. This proactive approach cannot be replicated if DLP is exclusively managed in-house.
DLP is a very powerful cybersecurity solution, but establishing expertise in-house is expensive, time-consuming, and error-prone. Ultimately, an efficient DLP implementation can make the difference between a properly identified and mitigated data breach, and a data breach that was either not identified at all or not stopped in time to prevent significant damage. As a result, MDLP services can significantly improve an organization’s DLP program implementation and management.
Dennis Sawatzki is a Senior Security Analyst with Infolock's Managed Services team. He lives and works in Berlin, Germany.