Why Data Loss Prevention (DLP) Matters, Compliance Regulations or Not

Having worked in IT for as long as I have, I find the general public often asserts that I have magical powers as I excitedly speak technological jargon while their eyes glaze over. I’m sure everyone in this industry has had similar experiences. However, it’s our job to translate our “techno geek mumbo jumbo” into broad terms for everyone to understand. Security practitioners are responsible for giving business leaders the information they need to make decisions to drive and enable their business. CEOs, HR Directors and Finance Managers don’t care about bits, files and unstructured data.

They do care, however, if confidential, non-public information about the organization makes it into the public eye.

What most people don’t understand is that data loss is often accidental and businesses need to implement processes and procedures for educating their employees about acceptable best practices. As much as we’d like to, we can’t stand over everyone’s shoulder to instruct them on when they can copy data to a USB device or email a document to their personal Gmail account so they can work on it from home.

This is where Data Loss Prevention (DLP) technology comes into play.

DLP is used to monitor, identify and protect sensitive and/or confidential data. It’s used to proactively monitor and protect data as it:

  1. Moves through the network (Data in Motion)
  2. Becomes stored data (Data at Rest)
  3. Is being used (Data in Use)

The system not only discovers and classifies sensitive data, but also educates users on how to use company data properly. Plus, it helps to identify potential theft and misuse.

Many companies that I talk to think they only need to consider DLP in their environment if they have compliance regulations to adhere to. Compliance is certainly an important driver for implementing DLP, but it isn’t the only driver.

All businesses have information that gives them some sort of a competitive advantage. How much is this information worth? How much damage would be done if it got into the hands of a competitor? I usually find out pretty quickly when we do an evaluation and the IT director and CIO see what’s actually leaving their network.

Here’s a 3-minute video I made with our marketing team on behalf of a customer who showed it at his organization’s annual company-wide meeting, in order to explain and demo DLP technology.