Multi-layered approach required for DLP
The age of the office worker is long gone, and to facilitate mobile and multi-site workers, organisations must implement a multi-layered data loss prevention (DLP) strategy.
That is the argument made by Payal Mehrotra, a product manager with security firm Sophos.
In a white paper on the subject, Mehrotra argues that an organisation can only minimise the risk of data loss with a multi-layered approach that covers capabilities such as monitoring of data exit points, encryption at rest and in transit, and control of exit point devices.
According to figures from the Ponemon Institute (2013) cited in the paper, the average cost of a data breach in Germany was $4.8 million (€3.6 million), compared to $5.4 million (€4 million) in the US. However, in both cases more than half of that cost (56%) was due to lost business. When reputational loss is also factored in, Mehrotra argues that the cost could be overwhelming.
While advocating the multi-layered approach, Mehrotra warns that any DLP implementation must include end-user policy compliance. “This means enforcing rules for proper data use,” said Mehrotra.
Mehrotra says that a good assessment is vital in building a proper implementation of DLP. Understanding regulatory obligations, as well as international laws that may apply, is vital as a starting point. These requirements can then be built upon to achieve any internal standards that are required.
Sponsorship is also critical to achieve the aims of the implementation, with support from senior business as well as IT leaders.