
IP is a good place to start before moving to larger datasets with more owners and business processes.
The six steps below for deploying data security controls come from Neil Thacker, information security and strategy officer for the Websense office of the CSO and former head of security operations for Camelot (UK National Lottery) and Deutsche Bank.
- Calculate the value of your data. Without a plan, this can be the most difficult part of the process. Data values can rise and fall as quickly as financial markets. The key to solving this problem is working with your executives and information owners. Determine a simple formula to estimate the value of your data.
- Make your RoI case. To increase security spend and roll out new data security controls, you must demonstrate RoI. This means clearly quantifying the immense value that comes when you know where your data is, who is accessing it and how it’s being used. It’s critical to analyze, communicate and share the financial and organizational impact of stolen and lost data.
- Monitor and log your data. Next, start monitoring who has access to data and observe how data moves around your network. Many organizations turn to a DLP solution for this. The best DLP solutions have the ability to monitor the perimeter entry/exit points for data in motion and thoroughly monitor endpoints for data in use. The initial monitoring phase should not last longer than a few weeks after deployment, even after tuning your policies to remove false positives. A good solution should quickly provide clarity into common data movement trends.
- Apply data security controls. We often speak with organizations that are stuck in step three, in the monitoring and logging phase. They identify incidents as they happen, but lack confidence in applying controls to stop data leaving the organization. This is a mistake. Gartner demonstrated some time ago that passive security controls were dead. The same goes for DLP used exclusively in a monitor-only deployment. It doesn’t demonstrate RoI to most businesses, especially if a significant loss or breach occurs while you are monitoring. We must apply controls. First, revisit your most valuable data. Start amending the rules and policies to begin active protection of those crown jewels. We don’t recommend enabling all block rules immediately. Our experience indicates that a phased approach is the most efficient way of applying data security controls.
- Find your data. Once you have a score associated with each data type and the funding to proceed, the next stage is to locate the sensitive data on your network. Based on the scoring exercise explained above, it’s always advisable to begin this process. Focusing on your crown jewels minimizes the negative impact to your network. Unfortunately, stand-alone discovery and data mining services are usually expensive and take a considerable time to run. Another option is relying on DLP solutions. Most leading DLP solutions offer a mechanism to discover, identify and fingerprint data in periodic sweeps. These sweeps can be scheduled daily, weekly or monthly. This process provides a marked increase in visibility and improved efficiency by identifying duplicate data and flagging it. (Many organizations waste large amounts of money backing up and storing duplicated data; to a security officer, reducing the cost of this process is great additional justification for the purchase of a DLP solution.)
- Implement proactive protection and increase employee education. As user awareness becomes more prominent, the number of blocked incidents will stabilize and the number of monitored incidents will go down. Why? A typical user is much more aware prior to clicking on a link or sending an email if they understand that these actions will result in a block and notification. As a result, information owners and security teams gain tremendous value through proactive protection, as well as a beneficial reduction in the IT team’s workload.