DLP. We know we should but surely we can find something else to do first?
It sounds simple, right? ‘Just define a classification scheme, apply it to all data and then some software does the rest’… says someone who has never tried it, and either succeeded or failed.
Microsoft published some stats a while ago showing that, among the polled organisations, protecting and governing sensitive data is the most significant concern in complying with regulations. The same survey said 88% of organizations no longer have the confidence to detect and prevent loss of sensitive data, while 80% of corporate data is "dark": it is not classified, protected or governed. That’s not a good combination.
So, what is the problem? I don’t think it has ever been a technology issue as such. Sure, the more complex your environment and data stores, the harder it can be, but the tools have been there for a while.
The collective experience of the battle-hardened crew here at Tiberium is that organisations often start from an ‘academic’ position of just the regulatory/contractual rules and try and apply that to the whole outfit at once. Multiple technologies, multiple stakeholders, different drivers, and unknown costs. What could possibly go wrong?
It is often, for good reason, legal and compliance teams that draw up WHY data is held and WHERE it should be. The more mature (or adventurous) may even try discovery exercises to understand WHAT data they hold.
This misses the critical step of understanding how the company actually uses the data. You will undoubtedly learn something if you take the time to understand HOW data is being used and by WHO – and while there may be things that make you squeak and need to be changed, you are significantly more likely to design employee and productivity friendly rules and policies.
It won’t be a surprise to learn that we have developed an approach to address some of these challenges – we called it LORE, and it fits hand in glove with our spectacular MYTHIC managed SOC service. Over the next month, we will show you how we do it, and how we think the approach and the technology can get you off the ground in a meaningful and sustainable way – and who knows, we might meet some more of Kipling’s six friends.
Want to know more about Tiberium LORE? Sign up to watch our on-demand webinar here & learn how LORE can make the most of Microsoft’s Security and Compliance capabilities to protect your data.
Global Chief Information Security Officer | CISO | CIO | Cyber Security | Strategy | Architecture | Risk | Policy | Governance | Transformation | NIST CSF | ISO 27001 | PCI DSS | Helping You Do You... Securely.
2 years ago: Yup, just about to do some DLP... right after my lobotomy, which is going to be so much more fun!
VP Advisory at Ontinue
2 years ago: Certainly, always something else to do... but when it comes to personal data the ICO will disagree.