Choosing Data Protection Platforms: 9 Factors to Consider

 
 
By Nathan Eddy  |  Posted 2013-12-24
 
 
 
 
 
 
 
 

To mitigate the risks from uncontrolled data activity, IT security professionals need to understand where valuable information is located, how and where it is used, and the level of risk it represents. They need to prevent it from falling into the wrong hands, both inside and outside the organization, whether inadvertently or maliciously. With so many data loss prevention (DLP) products on the market, all making similar claims about their ability to mitigate data loss, it is difficult to know how to proactively reduce the company's risk and protect confidential and sensitive data. Particularly in an age when email is the most common mode of communication and bring-your-own-device (BYOD) programs are increasingly putting corporate access in the hands of employees, there are some critical decisions to make to keep the data secure. In a recent study, CA Technologies analyzed the major factors to consider when selecting and deploying data protection and management platforms. Here are key takeaways from the study.

 
 
 
  • Find and Protect Sensitive Data at Many Locations

    A robust information protection and control solution ultimately has to protect many potential risk points in an organization. Most organizations start by addressing DLP concerns first, and then expand protection to other areas, such as information misuse. The solution should also address broader regulatory and country-specific compliance needs.
  • Choose Flexible, Customized Remediation Options

    Instead of a one-size-fits-all approach that only allows passive, post-violation review or indiscriminate blocking of all suspected violations, the information protection and control solution should provide the flexibility to take the right action for every individual data policy violation, the report said.
  • Identity-Based Policy Administration Is Key

    When organizations deploy technology that does not consider identity, generic rules have to be implemented. It is often not sufficient to just know the data classification because, in order to protect and control information, IT administrators need more context, such as who is using the data.
  • Treat Accuracy as a Lynchpin

    No matter how easy it may be to configure a policy, a DLP tool with overly simplified or functionally limited policy capabilities will not deliver meaningful DLP or data control. Key takeaway: If the information protection and control solution cannot perform comprehensive and accurate content analysis, a business won't easily be able to find and resolve true violations among a mass of false positives.
  • Modular Solutions Offer Flexibility and Familiarity

    A modular platform architecture enables the system administrator to determine which combination of control points provides necessary coverage for a company. In some cases, only desktop or notebook controls may be desired, while in others, network control points will be necessary. Endpoint or client components should be able to provide protection even when disconnected from a central server or from the corporate network.
  • Scalability in Multiple Directions Is Key

    Security has always been about layers of security controls, but integration is needed to prevent certain risks. Information protection and control cannot be another island of security, but rather the next step in a company's identity and access management process, the report said.
  • Find an Identity-Based Remediation Process

    The study suggests an optimized remediation process should always feature native visibility controls that securely determine which person can review a specific violation. The reviewer must be able to view all relevant information—including the full message, complete files and attachments in their original formats—as well as be able to search automatically or in an ad hoc manner, and to easily find related incidents to aid investigations.
  • Settle on an Identity-Based Policy

    The report notes the identity management processes and technology should now extend and integrate with the information protection and control solution, as this integration enables better protection of sensitive data by identity and role. "Identities and an identity's relationship to information are as dynamic as the data itself," the report said.
  • Improve Control of Messaging

    Email is an ideal starting point because many regulations require organizations to monitor, supervise and control messaging environments for reasons ranging from inappropriate internal communication to illegal communication outside the organization or country. As the most frequently accessed and used electronic application in all companies, email is, without question, the most susceptible data misuse point for most organizations.
 
 
 
 
 
 
 
 
 
 
 
