Friday, August 16, 2013

Rollout Strategy for Data Loss Prevention

Implementation of a Data Loss Prevention (DLP) system in an organization is important for the security of sensitive information; however, it has always proved tricky, keeping in view the outcomes that sales representatives boast about. It is a fact that a successful DLP implementation achieves what it claims, but it takes a lot of time and effort from the organization to get what it wants in the initial stages of implementation. Since there is normally a huge price tag associated with an end-to-end DLP solution, companies find it hard to justify the amount of time it will take before the solution looks effective.

It is always good practice to follow these steps as part of a lengthy exercise; I have found this sequence successful when applying it in a number of large organizations.


(Note: Some terminology in this article is taken from Symantec DLP solution components.)

A. Enable or Customize Policy Templates

B. Discover
    - Identify scan targets
    - Run scans to find sensitive data in network and endpoint data stores

C. Monitor
    - Inspect data being sent
    - Monitor network and endpoint events

D. Protect
    - Block, remove or encrypt
    - Quarantine or copy files
    - Notify employee and manager

E. Remediate and report on risk reduction

The whole process is quite time-consuming and requires constant gradual improvement. I recommend adopting a phase-wise approach to achieving all these data protection goals.

Phase I (Policies and Templates)

 1. Data classification

 2. Identification of the applicable Symantec DLP policies for the classified data

 3. Introduction of data into the DLP system

    - Sample data population for Exact Data Matching (EDM) based policies
    - Sample data population for Described Content Matching (DCM) based policies
    - Sample data population for Indexed Data Matching (IDM) based policies
    - Population of positive and negative samples for Vector Machine Learning (VML)

 4. Start monitoring SMTP and HTTP traffic

 5. Identify stakeholders for receiving notifications and for access restrictions


Phase II (Pilot Audience)
Notifications will be for administrators only

Network
1. EDM policy implementation on pilot users
2. DCM based policy implementation on pilot users
3. IDM based policy implementation on pilot users

Databases
1. EDM policy implementation on pilot data repositories

Endpoints
1. EDM policy implementation on pilot users
2. DCM based policy implementation on pilot users
3. IDM based policy implementation on pilot users
4. Policy review and fine-tuning

Phase III (Prevent Mode Enabled for Pilot Users)
Notifications will be for administrators and pilot users only

1. Extension of notification scope to pilot end users
2. Fine-tuning of applied policies based on end-user feedback
3. Identification of policies where the action mode must be blocking access
4. Blocking access to resources where required; the action includes notification to all stakeholders
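To make the detection technique families from Phase I (EDM, DCM, IDM) and the monitor-versus-prevent action modes of Phases II and III concrete, here is an added Python example; it is not Symantec's implementation and not code from the post. It approximates EDM with a hashed exact-value lookup, DCM with a described pattern plus Luhn check, and IDM with hashed word-shingle fingerprints, then applies the action the current phase allows. The account numbers, the protected document, the messages and the per-technique block/notify split are all constructed assumptions.

```python
import hashlib
import re

# Constructed EDM sample set: exact account numbers (made-up values) are stored
# in the index as hashes so the plaintext values do not live in the engine.
EDM_INDEX = {hashlib.sha256(r.encode()).hexdigest()
             for r in ("ACC-4419-8821", "ACC-7730-1207")}
# Constructed IDM source: one protected document, fingerprinted below.
PROTECTED_DOC = ("Q3 merger plan: acquire Contoso for 40 million "
                 "with board approval pending")
# DCM: a described pattern (13-16 digit card-like number) plus a Luhn check
# so arbitrary digit runs do not fire the policy.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dcm_match(text):
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))

def edm_match(text):
    # Hash each whitespace token; a hit means an indexed value appears verbatim.
    return any(hashlib.sha256(t.encode()).hexdigest() in EDM_INDEX for t in text.split())

def shingles(text, k=4):
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
            for i in range(len(words) - k + 1)}

IDM_INDEX = shingles(PROTECTED_DOC)

def idm_match(text, threshold=0.5):
    # Partial-document detection: shingles shared with the protected document,
    # relative to the smaller of the two sets, so excerpts are still caught.
    s = shingles(text)
    return bool(s) and len(s & IDM_INDEX) / min(len(s), len(IDM_INDEX)) >= threshold

def evaluate(message, phase):
    """Return (techniques that fired, action). 'monitor' notifies administrators
    only (Phase II); 'prevent' blocks EDM/IDM hits and notifies the user on DCM
    hits (an assumed policy split for illustration, not from the post)."""
    hits = [n for n, fn in (("EDM", edm_match), ("DCM", dcm_match), ("IDM", idm_match)) if fn(message)]
    if not hits:
        return hits, "allow"
    if phase == "monitor":
        return hits, "notify-admin"
    return hits, "block" if "EDM" in hits or "IDM" in hits else "notify-user"
```

Running the same message through `evaluate` with phase set to `"monitor"` and then `"prevent"` shows how the policy outcome changes between Phase II and Phase III while the detection logic stays the same.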

Phase IV (Review and Re-adjustments)

1. Review information and tune policies based on input from end users and network monitors
2. Involve concerned departments to identify their specific requirements
3. Re-align the scope of network monitors for monitoring of HTTP and SMTP traffic
4. Addition or removal of protocols to be monitored through the network monitor
5. Identify production data repositories to protect
6. Implement policies on production data repositories

Phase V (Monitoring Network and Storage)
Notifications will be for administrators and end users

1. Inform and educate end users
2. Policy rollout to QA Department users
3. Policy rollout to non-critical user departments (finance, marketing, corporate communication, etc.)
4. Policy rollout to critical departments (call centers, administration, sales, etc.)
5. Feedback collection and fine-tuning

Phase VI (Monitoring Endpoints)
Notifications will be for administrators and end users

1. Policy rollout to QA Department users
2. Policy rollout to non-critical user departments (finance, marketing, corporate communication, etc.)
3. Policy rollout to critical departments (call centers, administration, sales, etc.)
4. Feedback collection and policy fine-tuning

Phase VII (Protecting through Network and Storage)
Notifications will be for administrators and end users

1. Inform and educate end users
2. Policy modifications for QA Department users
3. Policy modifications for non-critical user departments (finance, marketing, corporate communication, etc.)
4. Policy modifications for critical departments (call centers, administration, sales, etc.)
5. Feedback collection and fine-tuning


Phase VIII (Protecting on Endpoints)
Notifications will be for administrators and end users

1. Policy rollout to QA Department users
2. Policy rollout to non-critical user departments (finance, marketing, corporate communication, etc.)
3. Policy rollout to critical departments (call centers, administration, sales, etc.)
4. Feedback collection and policy fine-tuning