2. Find and Protect Sensitive Data at Many Locations
A robust information protection and control solution ultimately has to protect many potential risk points in an organization. Most organizations start by addressing DLP concerns first, and then expand protection to other areas, such as information misuse. The solution should also address broader regulatory and country-specific compliance needs.
3. Choose Flexible, Customized Remediation Options
Instead of a one-size-fits-all approach that only allows passive, post-violation review or indiscriminate blocking of all suspected violations, the information protection and control solution should provide the flexibility to take the right action for every individual data policy violation, the report said.
4. Identity-Based Policy Administration Is Key
5. Treat Accuracy as a Lynchpin
No matter how easy it may be to configure a policy, a DLP tool with overly simplified or functionally limited policy capabilities will not deliver meaningful DLP or data control. Key takeaway: If the information protection and control solution cannot perform comprehensive and accurate content analysis, a business won’t easily be able to find and resolve true violations among a mass of false positives.
6. Modular Solutions Offer Flexibility and Familiarity
A modular platform architecture enables the system administrator to determine which combination of control points provides necessary coverage for a company. In some cases, only desktop or notebook controls may be desired, while in others, network control points will be necessary. Endpoint or client components should be able to provide protection even when disconnected from a central server or from the corporate network.
7. Scalability in Multiple Directions Is Key
8. Find an Identity-Based Remediation Process
The study suggests an optimized remediation process should always feature native visibility controls that securely determine which person can review a specific violation. The reviewer must be able to view all relevant information—including the full message, complete files and attachments in their original formats—as well as be able to search automatically or in an ad hoc manner, and to easily find related incidents to aid investigations.
9. Settle on an Identity-Based Policy
The report notes that identity management processes and technology should now extend to and integrate with the information protection and control solution, as this integration enables better protection of sensitive data by identity and role. “Identities and an identity’s relationship to information are as dynamic as the data itself,” the report said.
10. Improve Control of Messaging
Email is an ideal starting point because many regulations require organizations to monitor, supervise and control messaging environments for reasons ranging from inappropriate internal communication to illegal communication outside the organization or country. As the most frequently accessed and used electronic application in all companies, email is, without question, the most susceptible data misuse point for most organizations.