Choosing Data Protection Platforms: 9 Factors to Consider

by Nathan Eddy

A robust information protection and control solution ultimately has to protect many potential risk points in an organization. Most organizations start by addressing DLP concerns first, and then expand protection to other areas, such as information misuse. The solution should also address broader regulatory and country-specific compliance needs.

Instead of a one-size-fits-all approach that only allows passive, post-violation review or indiscriminate blocking of all suspected violations, the information protection and control solution should provide the flexibility to take the right action for every individual data policy violation, the report said.

When organizations deploy technology that does not consider identity, generic rules have to be implemented. It is often not sufficient to just know the data classification because, in order to protect and control information, IT administrators need more context, such as who is using the data.

No matter how easy it may be to configure a policy, a DLP tool with overly simplified or functionally limited policy capabilities will not deliver meaningful DLP or data control. Key takeaway: If the information protection and control solution cannot perform comprehensive and accurate content analysis, a business won’t easily be able to find and resolve true violations among a mass of false positives.

A modular platform architecture enables the system administrator to determine which combination of control points provides necessary coverage for a company. In some cases, only desktop or notebook controls may be desired, while in others, network control points will be necessary. Endpoint or client components should be able to provide protection even when disconnected from a central server or from the corporate network.

Security has always been about layers of security controls, but integration is needed to prevent certain risks. Information protection and control cannot be another island of security, but rather the next step in a company’s identity and access management process, the report said.

The study suggests an optimized remediation process should always feature native visibility controls that securely determine which person can review a specific violation. The reviewer must be able to view all relevant information—including the full message, complete files and attachments in their original formats—as well as be able to search automatically or in an ad hoc manner, and to easily find related incidents to aid investigations.

The report notes the identity management processes and technology should now extend and integrate with the information protection and control solution, as this integration enables better protection of sensitive data by identity and role. “Identities and an identity’s relationship to information are as dynamic as the data itself,” the report said.

Email is an ideal starting point because many regulations require organizations to monitor, supervise and control messaging environments for reasons, ranging from inappropriate internal communication to illegal communication outside the organization or country. As the most frequently accessed and used electronic application in all companies, email is, without question, the most susceptible data misuse point for most organizations.