The current environment is particularly conducive to devastating losses of corporate data, according to ISACA (Information Systems Audit and Control Association), a non-profit association that brings together 95,000 IT professionals.
Tony Noble, author of ISACA's new Data Leak Prevention (DLP) document, says that a large number of companies are currently trying to control their sensitive information, but in most cases, their efforts are inconsistent and are not managed with sufficient diligence and efficiency.
Every day, Noble argues, corporate data travels in different media and, even devoting great efforts to prevent it, companies around the world suffer significant leaks of sensitive information, which implies significant financial and compliance risks.
The ISACA document offers some tips to minimize the problem that this situation can pose for the business and suggests that companies develop data loss prevention policies before choosing and implementing DLP technologies.
In addition, ISACA recommends involving all parties within the organization, going beyond IT, since a DLP solution requires many preparatory actions that, in turn, require the participation of both the IT and the business.
On the other hand, ISACA recalls that DLP solutions suffer from some limitations that must be taken into account. They can only inspect encrypted information that has been previously decoded, cannot intelligently interpret graphic files, and are insufficient to prevent some of the most sophisticated methods of data theft.
Other guidelines proposed in the document to minimize risks include preventing network DLP modules from having configuration failures, as well as making sure they have adequate capacity. It also recommends avoiding over-reporting and false positives and potential conflicts with software or system performance.
Marta Cabanillas
Source: CSO
Leave your comment