If DLP ever rears its head keep these questions handy because they will direct the vendor in the
correct direction. I break DLP into two areas:
a) Network (inside the firewall) DLP
b) Untethered user DLP. Here are the questions that need examination in order to
craft the correct solution. I hope they will help you with your own.
- Total Users? Easy one
- Do you have users using Drop Box? and do you care that users are placing corporate data on Drop Box?
- How many of your users are untethered from the network? (Laptops,etc)
- Do you want to encrypt outbound email?
- Do you want your dlp system to work in conjunction with your encryption?
- Is DLP a contract requirement? Or audit requirement?
- How many sites do you offer direct internet access to users?
- Or do you backhaul internet to corporate?
- What data are you concerned about leaking? Strategy docs, credit cards, contract docs
- Where is the data? 1 central data base at corporate or distributed at each site? File
systems, web systems etc?
- Do you want spam filtering and firewalling to complement your DLP system?
- What is most important to secure? Data in Motion or Data at Rest?
- Do you want consolidated reporting?