Data Loss Prevention can provide some powerful protection for your sensitive information. It can be used to discover Personal Information (PI) within your environment, identify various forms of PI from names and phone numbers to government identifiers and credit card numbers, assemble multiple subsets of PI to accurately identify a whole record, and even do all of this in multiple languages.
It can also discover and identify Intellectual Property (IP), and even be trained to learn the difference between your IP and the IP of your business partners. It can alert you when someone tries to copy or share PI or IP. It can block or encrypt attempts to email, IM, blog, copy, or print this sensitive data. DLP can also "fingerprint" certain documents that you specifically want to protect or ignore.
DLP provides a strong set of capabilities, but it is primarily used to protect against unauthorized movements of sensitive data (e.g., the various ways you may transmit, copy or print sensitive data from one location to another). And, it is intended to provide this protection in one direction (inside-out). It is not intended to protect you from receiving sensitive data, but rather it is intended to protect the data you already have.
Do your research
By implementing DLP you are about to invest a substantial amount of your company's money, time and resources. As a first step, do your research. Consult with research analysts such as Forrester or Gartner and gain a basic to intermediate understanding of the industry, the vendors and solutions available, and their particular strengths and weaknesses. Some DLP solutions offer robust features and support while others offer much less (i.e. "DLP Lite"). Understand your environment and the ways in which sensitive data moves about before undertaking DLP.
Also, leverage your professional network. Ask what your peers are doing with DLP and what success or pains they've had. Talk to several vendors and narrow the field to a few. After narrowing the field, request preliminary pricing estimates — you will need this information for budgetary planning.
Note that far and away, most company's buy too much DLP. Plan to start small, pilot test in key areas, and grow into it. You will find that it will take you far longer to install, configure, optimize and find a way to effectively manage than you could have imagined. It does you, nor your company, no good to spend money on product or subscription licenses that go unused or are poorly deployed.
Give some thought to where DLP will be needed, and what it must accomplish to be successful.
Don't apply a shotgun approach unless it makes sense for your organization. Installing DLP on everything, everywhere can be very expensive and difficult to maintain. Think about the key applications and teams within your business that really need DLP technology due to the sensitivity of the data they have access to. You may find that you are able to apply an envelope of DLP protection around just your high-risk teams.
Sign up for MIS Asia eNewsletters.