Employees regularly see triple digit counts for daily email volume. Add in the Excel sheets, the PowerPoint decks, the CAD drawings, etc and you quickly realize that your organization’s data volume is not only expanding, but the rate at which it is doing so is also accelerating. The challenge of how to protect that data in the corporate world is solved with a combination of people, process, and technology, and for the latter, many organizations will implement a data loss prevention (DLP) solution. In fact, Gartner says that half of organizations currently use DLP and projects that 90% will do so by 2018.* So how do you decide the right approach to DLP?
The most important consideration before undertaking a DLP project is to determine your organization’s primary data protection objective. Traditionally, organizations adopt DLP to achieve one of three objectives:
- Compliance
- Intellectual Property Protection
- Business Partner Compliance
Let’s look at each of these in more detail.
Compliance
Compliance has long been and remains a primary driver of DLP demand. Regardless of where you stand in the “compliance vs. security” debate, the fact remains that when your PCI QSA comes calling you will need to demonstrate that you are in compliance with regulations. Ultimately, compliance will always be a component of security, but should not comprise the entire security program.
Intellectual Property Protection
Intellectual property (IP) is the secret sauce that drives competitive advantage and is often the reason why your customers choose you over the competitors. While IP was once considered to consist primarily of trade secrets and patent- or copyright-protected information, today’s definition of IP has widened to include any intangible assets that drive competitive advantage or shareholder value: pricing models, business strategies, customer profiles and behavioral data, information related to pending deals, and business analytics all can be considered IP today as long as they are used to create value for their firms. Simply put, IP-rich organizations should approach their DLP efforts as a means to protect their competitive advantage and company value.
Business Partner Compliance
The globalization of the supply chain means that manufacturers of goods and services rely on global relationships to deliver value to their customers. To facilitate this requires an unimpeded data flow, and often this stream contains sensitive data. This collaboration and information sharing requires robust data protection, with many large manufacturers and other enterprises going as far as to require certain security measures are in place before doing business with a new partner or vendor.
Determining Your Primary Objective
Each of these three use cases may exist in your organization, and in many cases you may need to pay attention to more than one. As with any business decision, understanding what your business deems most critical will be instrumental in the decision where to put down your first dollar, euro, etc. For more tips on developing your DLP strategy, download our Definitive Guide to Data Loss Prevention – start reading now, no registration required.
Read more in our Definitive Guide to DLP Series
- Do you need DLP? Well, do you feel lucky?
- The Evolution of DLP: 4 Reasons Why DLP is Back in the Limelight
- Debunking the Three Myths of DLP
- Call it a Comeback: 7 Trends Driving the Resurgence of DLP
- All Trends Lead to Data-Centric Security
- What is Driving Your Data Protection Agenda? Determining the Right Approach to DLP
- Building a Value-Based Business Case for DLP
- Positioning DLP for Executive Buy-In
- 5 Criteria for Choosing the Right Managed Security Services Provider (MSSP)
- How to Evaluate DLP Solutions: 6 Steps to Follow and 10 Questions to Ask
- Getting Successful with DLP: Two Approaches for Quick DLP Wins
- Two Frameworks for DLP Success
*Source: Gartner, Inc., Magic Quadrant for Enterprise Data Loss Prevention, Brian Reed and Neil Wynne, January 28, 2016.
