The Data Loss Prevention Approach

2136 Words9 Pages
Data Loss Prevention Approach A success of DLP strategies can be achieved by not just mitigating data loss risk or Data breaches incidence, but actually involving people, process and technology in it by educating and managing employee’s behavior, planning policies and enforcing it via appropriate technology [4]. Strategies/approaches for DLP implementation is broadly classified in three categories according to the place where it is implemented. Figure 1 DLP approaches [6] 1. Network focused (a.k.a. Data in Motion) [1] This is easiest to implement DLP approach. Here DLP is deployed on network in monitoring mode. It provides broadcast coverage with least efforts. It requires least integration to the current setup, hence it is typically faster to get up and run. This is actually done by capturing and analyzing traffic going through channels such as internal LAN, External Internet, and private network such as VPNs etc. by detecting and responding to the incident. Though it is fastest and easiest, but not best since there are many other circumstances where it doesn’t work (provide protection) i.e. if someone copying data on its USB etc., this kind of circumstances does not cover in network focused DLP. 2. Endpoint focus (a.k.a. Data in use) [1] Data at end points is an approach where DLP is implemented at user end. It is also called as an agent based approach. User end can be user workstation or laptop where transactions of data are monitored such as data transferred through
Open Document