To maintain relevance in a landscape where most workers are mobile, Data Loss Prevention technology must move from the server to the endpoint. If you are unable to monitor data movement because a device is off the network, you put corporate data at greater risk.
- Invest in DLP technology that extends to the endpoint. Without it, you will only be able to secure a small subset of data stored on devices that are never off the network.
- Know your users. Qualify user access to data based on their role within the company and investigate if someone is accessing data that is outside of their authority. Hopefully your DLP solution integrates well with Active Directory so that this organisational infrastructure can be easily imported.
- Know your data. Work with senior management, HR, legal, and any other stakeholders to determine the types of data that must be secured.
- Quantify the risk. Once the different categories of data have been identified, rank each group based on sensitivity and potential impact to the organisation.
- Design appropriate security protocols. Some categories of data may require a cautionary approach from IT while other types of data may need to be locked down completely. Build a protocol that applies an appropriate response based on the significance of the data.
- Analyse data activity. Patterns of activity may signal a potential security incident. Perform regular analyses of data movement.
- Regulatory compliance. With the above criteria in place, you should be able to respond immediately (and appropriately) to any data security incident that may arise relative to data movement. It's important to record the response and the ultimate result to prove your compliance with corporate and government regulations.
Stephen Midgley oversees all aspects of global marketing and product management at Absolute Software including corporate communications, product marketing, demand generation, and the company's presence on the web.