Debunking the Top 3 Myths about DLP
While the rise of data protection regulations such as the GDPR in Europe and HIPAA, FISMA and NIST in the US has lead to an increased awareness of the need for Data Loss Prevention tools to ensure compliance, many companies still hesitate to employ them because they fall victims to some of the common myths that plague DLP software since its infancy.
Here are the most prevalent three charges brought against DLP tools and why they are unfounded:
1. Productivity killer
A myth that has persistently haunted DLP is its negative impact on productivity. It is blamed for making usually easy tasks time-consuming, thus hindering employees’ efficiency and increasing their frustrations. As all myths, this bit of misinformation started from a grain of truth: it’s a remnant of former inadequacies of first generation DLP tools which, as any new technology just being developed, was still difficult to implement in its early stages. One does not, however, judge the capabilities of a Windows 10 based on the qualities of a Windows XP.
Since DLP was first developed as a way to combat data theft and loss over a decade ago, it has matured, becoming increasingly granular and addressing ever more complex data-related issues faced by organizations. Its policies can now be fine-tuned to address a company’s particular structure and needs, allowing for multiple levels of authorization for users and departments as well as computers and devices. These options to customize groups’ and individuals’ rights eliminate the issues once posed by company-wide rules applied to all employees indiscriminately.
2. Small companies don’t benefit from DLP
As complex solutions, DLP tools are often seen as the type of software implemented only by large organizations that have many more insider threats to fear and much more data at stake than SMEs. However, regulations such as the GDPR have made it clear that company size does not matter when it comes to its strict data protection requirements. After all, in the age of the internet, the amount of data a company processes does not necessarily reflect its size. A 2-person startup can develop a successful app used by millions of users worldwide.
Other categories of sensitive information are also not related to organisational size. Depending on the field, data concerning new products, research or financial data are all at risk without proper data protection policies and tools in place. And while some DLP tools may appear unnecessarily complex for the modest needs of a small company, a number of DLP software developers offer modular options that can be mixed and matched to organisational needs.
3. Long and difficult implementation
A ghost that haunts many technologies, difficulties of implementation have entered the list of companies’ biggest fears as a consequence of legacy systems and burdensome BPM transitions. Because DLP tools are usually deployed system-wide, the main concerns are compatibility, complexity and the time-frame needed to fully implement them. While not all DLP software is created equal, many solutions, such as Endpoint Protector, offer a high level of flexibility that guarantees that the solution is up and running in less than 30 days.
Most of the misconceptions around DLP software are based on now outdated issues which have been addressed by developers. As the need for data protection policies becomes mandatory, in many countries by law and in others through common sense, companies must push aside such misunderstandings and see DLP for what it really is: an essential tool for the protection of sensitive data inside and outside the company.