Data loss prevention (“DLP”) is an ever-growing development field. In that same light, the DLP of today is diametrically different than the DLP of yesterday. Let’s be real and admit that companies today are aware that DLP strategy is important, since today’s environment includes extremely high transferability of data across virtually an unlimited number of platforms and devices. While businesses a decade ago had the luxury of not worrying as much about DLP, their successors don’t get that same opportunity. A modern business knows proper DLP polices help prevent significant threats to the organization, sales pipeline and structure. Here are 5 DLP myths that need to be broken so DLP strategies can be implemented and can operate more effectively.
Myth # 1: DLP Requires a Vast Amount of Resources to Maintain
This myth is riddled in small and medium enterprises. Rightfully so, because there is a perception that DLP requires resources that may not fit everyone’s budget. To be fair, it is always important in the business world to weigh costs and benefits, and a DLP initiative shouldn’t be treated any differently. However, modern DLP systems don’t have to cost an arm and a leg to implement and to maintain. In fact, most modern DLP systems have been developed to be flexible and to cater toward a multitude of budgets with different goals in mind. Gone are the days where DLP was made from a cookie-cutter formula with a set cost and result1.
Myth # 2: There is a Significant Lead Time in DLP – by the Time it is Implemented, it is already Outdated
Historic DLP initiatives took time to implement. This often caused frustration, due to the danger that by the time the DLP process was fully operational, enough developments in the market would outdate the current system. Modern DLP works differently, however, in that the processes are more segmented and built to work individually and in unison. The result is that DLP systems can be implemented in timely phases that allow for the acceleration of the DLP strategy and the ability to cater the implementation based on real-time development1.
Myth # 3: DLP is One Person’s Problem, but Not Mine
Successful DLP is built around a company culture and strategy. As a result, DLP cannot be tossed off as one person’s problem instead of a company-wide problem. What this means is that today’s DLP initiatives need to be shared in the company. This is due to the proliferation of electronic data use across businesses—even the junior-most employee often has significant access to data that needs to be protected! As a result, today’s DLP must be built around a culture of training, learning and responsibility across all levels2.
Myth # 4: Once we Implement DLP, we can let it Ride to do its Work Without Monitoring
Wouldn’t it be great if this were the case? Unfortunately, it is not so. Though today’s DLP has evolved to the point where it can be left to many effective automated processes, there is still a degree to which monitoring and improvement are necessary. Said differently, a DLP strategy is a living system, similar to other business processes. Therefore, once a DLP system is implemented, there should be additional systems in place to continuously grow and work with the system so it is more effective over time. DLP systems are like gardens: They need to be maintained or there is risk of weed overgrowth3.
Myth # 5: Let’s Just Protect the Most Important Things and let the Rest be at Risk. The Other Stuff isn’t As Important, so who Cares if the Small Stuff Slides?
DLP systems do not work in a vacuum. It is often a trap that the fiscally concerned may consider—cut out some DLP concepts to save in the short term. To reiterate, DLP systems are not effective if there are weak spots all around. Actually, weakness in one area may lead to weaknesses elsewhere downstream. To be effective, DLP systems should be set up to work in unison without one area being a strong spot at the expense of another. Companies need to focus on making sure the whole DLP system operates effectively4.
DLP initiatives are important. Nevertheless, a number of myths still swim around in the market and can prevent a business from realizing its full DLP potential. Being on top of these myths is important and can add value to any business looking to further its DLP initiatives.
1Fajer, Salo. “Debunking the Common Myths of Data Loss Prevention (DLP).” ITProPortal. 26 July 2016. http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/.
2The Absolute Security Insider. “Posts with Tag: Data Loss Prevention.” Absolute. 22 June 2016. https://blogs.absolute.com/tag/data-loss-prevention/.
3IT Business Edge. “Data Loss Prevention: 5 Reasons You Need to Step up Your Game.” http://www.itbusinessedge.com/slideshows/data-loss-prevention-5-reasons-you-need-to-step-up-your-game-07.html.
4Kolochenko, Ilia. “Five Most Common Myths About Web Security.” CSO. 3 May 2016. http://www.csoonline.com/article/3064681/application-development/five-most-common-myths-about-web-security.html.