Frequently Asked Questions about Data Loss Prevention
In our conversations with IT Administrators, IT Managers and data security staff, some questions always come up. Some are valid concerns or doubts, while others are signs of confusion, most of it fed by vendors' different approaches to DLP.
Here are 7 frequently asked questions about Data Loss Prevention (DLP):
1. Can I detect malware with DLP?
No. Data Loss Prevention is a technology that prevents data breaches by detecting confidential data being transferred, used or stored on endpoints, based on specific detection techniques such as data matching, rule and regular expression matching, keywords, etc. Dedicated DLP solutions focus on insider threats, while antivirus solutions focus on outsider threats. However, there are antivirus solutions that provide light DLP capabilities, like blocking data transfers to e-mail.
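To make the detection techniques named above concrete, here is a small content-inspection sketch that combines regular expression matching, a checksum to cut false positives, and a keyword list. It is an added example, not code from this article or from any DLP product; the keyword list, the action names and the sample texts are constructed assumptions.

```python
import re

# Candidate payment card numbers: 13-19 digits, optional space/hyphen separators.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Hypothetical keyword dictionary; a real policy defines its own terms.
KEYWORDS = ("confidential", "internal only", "salary")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so the report does not leak the number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect(text: str) -> dict:
    """Return the policy action and the evidence behind it for one transfer."""
    cards = []
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):  # regex hit confirmed by checksum
            cards.append(mask(digits))
    lowered = text.lower()
    keywords = [k for k in KEYWORDS if k in lowered]
    if cards:
        action = "block"   # validated card data: stop the transfer
    elif keywords:
        action = "report"  # keyword only: log for the administrator
    else:
        action = "allow"
    return {"action": action, "cards": cards, "keywords": keywords}


if __name__ == "__main__":
    # Constructed samples; 4111 1111 1111 1111 is a well-known test number.
    for sample in (
        "Invoice paid with card 4111 1111 1111 1111, thanks",
        "Order ref 4111 1111 1111 1112 shipped",
        "CONFIDENTIAL: Q3 salary review attached",
    ):
        print(inspect(sample))
```

The second sample matches the regular expression but fails the checksum, which is why pattern matching alone produces more false alarms than pattern plus validation.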
2. Can I block the navigation on specific websites or block the use of applications with DLP?
DLP offers filters to monitor and block sensitive file attachments, file uploads to online applications, copy and paste, document printing, etc., and the tools to analyze who transferred what and when. The objective is not to completely block access to websites or the use of applications that help employees in daily tasks, but to prevent the leakage of confidential data that could occur through these tools: e-mail, instant messaging, cloud storage apps, portable storage devices, etc. Some DLP solutions offer this type of capability as well, but software that specializes in blocking navigation to specific websites and web pages is called Web Filtering, and it is usually part of UTM solutions.
3. I have a small company with 10 users. Why do I need Data Loss Prevention?
Regardless of company size, there is confidential data, such as employee records, customer databases and financial records, that without DLP software can easily be stolen by a disgruntled employee or leaked through human error. The impact of a data breach on a small company can be disastrous, since the resources for a rebound are scarce. It is hard enough to build a brand for a small business without suffering the consequences of a data breach. Even for small companies, DLP can be easily implemented and it can be affordable, with solutions like My Endpoint Protector.
4. Can I build Data Loss Prevention policies depending on my Active Directory structure?
Yes. Since DLP fits companies of all sizes, enterprises can import their AD structure, build policies on users, computers and groups, and assign special rights to each entity. This helps IT Administrators create granular policies and make the most of the DLP software by adapting it to the company structure.
5. Can I control/monitor what users are downloading on their endpoints?
While there are DLP tools that offer visibility into what users are downloading, it is not usual for DLP to do so. This is mainly because the purpose of the solution is to prevent sensitive data from leaving the company network, not to control what comes in. Data leaks usually happen when unauthorized employees send confidential files to malicious people, to their personal e-mail addresses, to the cloud, etc., where the control of the IT department is limited. Downloading can also be harmful from another point of view, especially because of potential malware, but this is another topic.
6. Does DLP allow me to locate employees’ laptops if they are stolen?
The answer is no. Locating a computer requires a tracking device or software that can pinpoint the location based on WiFi. Even if there were a tracking system, like GPS, Data Loss Prevention's attributes do not include locating endpoints. Other endpoints that can be easily lost or stolen, like smartphones and tablets, can be located through Mobile Device Management solutions. Here are some suggestions for software to locate laptops.
7. How do I know if the DLP I implement is efficient?
This is a very good question, so we dedicated an article just to it. There are different metrics that IT Admins can follow to see whether DLP accomplishes its purpose. The article sums up a couple of them: the number of attempted confidential data transfers and their severity, the capability of capturing security events according to the established criteria, the response time for the Admin, the number of employee complaints, resource consumption and others.
What other questions occur to you when thinking about Data Loss Prevention?