The participants at Yabing Wang’s roundtable came from a variety of industry backgrounds, and were also all at different stages of maturity in data protection. In each company, Data Loss Prevention (DLP) was nested within different overarching teams. Some consider it within the realm of data protection, whereas some think of it as a part of insider threat management. However, regardless of where you decide to place DLP in your strategy, as long as it maintains its spot as a major part of your data security, you are on the right track. This group discussed what possible solutions we could consider for DLP, and after some deliberation, came to the decision that there is no one solution for DLP. It is a vast concept that touches many aspects of a security and business infrastructure, and one single solution cannot handle all angles. You could look at DLP from the endpoint perspective, cloud perspective… no matter the angle, there will still be cracks for data to slip through. As such, you need to consider DLP from a risk standpoint. What data is most at risk? What data is most critical and needs the strongest protection? Your strongest solutions will protect those priority areas, and your team may need to adopt other solutions to plug gaps elsewhere in the infrastructure. Additionally, depending on your data protection maturity stage, you could look into consolidating data to make it more manageable.
Last—DLP is a long journey, and can be even longer when trying to make it mesh with your business. Protecting data and blocking threats without throttling business efficiency is a delicate balance, and it requires cooperation from the security team, the board, and employees. Training and awareness across the business is a great place to start, and further education can follow.