What Your Company Doesn’t Know About Data Loss Prevention

DLP has been around long enough now that your business understands its importance.  Your business knows that not having a DLP plan can expose the company to a myriad of risks – many of which are catastrophic.  Taken a step further, you know that threats exist inside and outside the company and, therefore, DLP operates in both realms.  Armed with this knowledge, your business has successfully implemented a DLP strategy and has continued to experience growth with less risk of tragic loss.  And, if your business is like others, that is where DLP has stopped.  It is working- why change it, right?  What your business doesn’t know about DLP is that these initiatives are moldable and need to be revisited as your business changes.  Said differently, DLP is a complex system that must be retooled overtime so that it continues to benefit your company and doesn’t leave any components exposed.

What Happens when Your Business Changes but Your DLP Plan is Not Re-Adapted

DLP is designed to be dynamic.  It is often designed around business processes, which are specific to the company implementing the plan.   Your business is unique and doesn’t operate the exact same way as others.  Over time, your business will evolve and these processes will need to be rekindled.

Take the sales process as an example.  Today, many companies are using mobile apps as a way to drive sales when previous methods may have required face to face meetings or telephone conversations.  It is the same process – sales – that is being completed in different systems, but in a manner that is diametrically different.  If the underlying process is changing so dramatically, shouldn’t the DLP initiative that protects the process also change?  After all, what might have been an effective method in the old system might very well be an outdated method in the new system.

A world of outdated DLP leads to two primary risks:

  • There are gaps in protection that expose the company to unnecessary risk of loss.
  • The old DLP plan uses outdated methods that weigh down the new process and therefore make it less effective. Both of these risks are reason enough to make sure that your DLP plan is updated as there are changes to your business.

The Good News

DLP is a completely flexible system that is built to benefit your business. As a result, updating your DLP plan as your business changes doesn’t have to be a complex and costly exercise.  In fact, many of today’s best DLP initiatives are modular in nature meaning that they can be implemented in phases so that your company is not shocked with too much change in too little time1.  So, if your business process is changing in steps, then you are also able to implement changes to DLP in those same exact steps.  This may also correlate to better cost control as you can align changes in one system with another thereby reducing the rework or additional work.

Just remember that DLP doesn’t work like a Band-Aid.  In other words, you can’t just put DLP in place and then expect it to work across all of your different business processes just to rip it off one day and have everything be magically healed.  This is actually good news because as your business changes, you are already in a position to recognize support systems that may also need to be updated.  It is, therefore, natural to retool DLP and other supporting systems simultaneously as the process also undergoes changes so that your business is in a better position to recognize any new critical data that needs protected before there is risk of exposure when the new system is live.  Further, this allows other data flows to be modified that may support the changing process so that the entire network is updated and works cohesively.

DLP as a System

Similar to your company, DLP is a system of processes that work together to accomplish their tasks2.  As one system changes, so must others in order to prevent gaps in coverage that may leave data exposed to risk.  DLP doesn’t work in isolation and nor does your company.  As a result, it is important to align changes in your DLP plan with changes in your business processes so that they continue to work in tandem towards your common goals.

 

 

Citations:

1Fajer, Salo.  “Debunking the Common Myths of Data Loss Prevention (DLP).”  ITProPortal.  26 July 2016.  http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/.

2Simon, Bryan.  “The Truth About DLP & SIEM:  It’s a Process Not a Product.”  Darkreading.  11 September 2015.  http://www.darkreading.com/analytics/the-truth-about-dlp-and-siem-its-a-process-not-a-product/a/d-id/1322101.