From Manual to Managed: The Changing Face of Data Loss Prevention

Like most cybersecurity tasks, managing data loss was once a human endeavour. IT and security teams would monitor activity with basic sensor technology, blocking anything suspicious or malicious.

Fast-forward a few decades, and data loss prevention (DLP) is a very different beast. Where once analysts would focus solely on protecting information, today, the process encompasses a broad range of skills and disciplines across cloud security and all manner of data loss scenarios.

Then there is the issue of increasingly prevalent insider threats—defending from the outside in is an entirely different discipline to defending from the inside out, after all. Most crucially, these varying solutions must integrate and communicate cohesively.

This presents a problem for the modern organisation. Managing DLP is difficult to resource because of the skilled roles that need to be involved. It’s a multidisciplinary program requiring several resources (some full-time and others part-time), so employing someone with expertise across all areas is almost impossible. With the skills gap widening by the day, staffing such a program in-house is something the cybersecurity industry can ill afford.

That’s where managed DLP comes in. Managed DLP helps organisations protect what matters without the need for highly skilled but underused teams. When implemented correctly, managed DLP brings better outcomes with lower costs and fewer internal resources.

But as with all technology implementations, there is much to consider. Not all DLP solutions are created equal. Before deciding to outsource, you need a firm understanding of your business requirements, data risk and metrics for success.

Decisions, decisions and DLP

Outsourcing any essential function takes careful consideration. When that function is as potentially complex as DLP, the process of choosing a partner must be meticulous.

The first thing to keep in mind is that generalists struggle with DLP. If a provider offers 100 services of varying levels, the odds of a comprehensive and effective DLP solution being one of them are very slim.

DLP is a specialised field. It isn’t something to be tacked on to another product or offered in tiers. It is all or nothing. Otherwise, you may as well struggle with it in-house. That’s not to say your provider should only offer DLP. Far from it. But it must be a specialism, with a dedicated solution, team and tried-and-tested process.

Next, you must understand precisely what you need from your managed DLP service provider. Some “solutions” keep your systems up and running and do little else. To truly see the benefit of outsourcing this function, you need a much more comprehensive service.

Of course, managing your system configuration is important, but this is just the starting point. On top of this, your provider should develop and manage your DLP policies on your behalf and conduct security event triage. This gives the provider a vested interest in developing effective policies, as poor policies mean more time and money spent triaging events.

Your DLP provider should also understand the role that people play in data loss. Data doesn’t lose itself. People lose data—through negligence, malice and compromise. And technological controls alone aren’t enough to keep that from happening.

Finally, your provider should have a clear framework for measuring the solution’s success. If it can’t be measured, it can’t be assessed accurately. Most importantly, it can’t be improved.

Measuring the success of managed DLP

Some providers will tell you that measuring the success of a DLP solution is a complicated undertaking. But the reality is, with clearly defined metrics, it is anything but.

Work with your provider to determine how you will quantify the effectiveness of your solution. This should start with the basics, such as the number of false positives generated over a given time or the mean time to respond to an alert. These metrics and more can then be used to determine the overall level of risk facing your organisation.

But be sure to focus on data classification at this stage, too. Ideally, your provider should take several approaches to this process, combining automated classification to determine specific data labels and user-driven classification to decide when labels should be applied or removed.

You can also set more macro targets. Within a relatively short time, you should be able to determine whether outsourcing your DLP has reduced staffing levels, costs and more.

Managed DLP from Proofpoint

How we access and process data has changed drastically in recent years. It’s only reasonable that how we protect that data must change, too.

Legacy systems aren’t built to support modern working environments. They may spot and flag suspicious activity, but most fail to provide behavioural awareness before, during or after risky data movement—and offer very little in the way of user behaviour analytics.

At Proofpoint, we understand that all data loss is inherently people-centric. So, a modern managed DLP solution must account for human behaviour, whether in the office, at home, or in between.

By bringing together telemetry across email, cloud and endpoint, the Proofpoint Enterprise DLP solution allows your security and compliance teams to address the complete range of data loss scenarios in a single, bespoke solution.

This time-tested approach gives you a faster response and investigation time, clear metrics for success, and total visibility across your systems, networks and data.

Find out more about managed DLP and how to implement people-centric DLP in Office 365.

Talk to us about managed DLP

Get the most from your Proofpoint investment and explore what managed DLP could do for your organisation with a regular Customer Business Review.

Learn more about DLP and insider risk

In a world of increasingly targeted attacks, one thing remains the same: Attackers target people. Their techniques have evolved, making protecting your people, your data and how it’s accessed more critical than ever.

The fourth issue of the Proofpoint magazine, “New Perimeters: Data Doesn’t Lose Itself”, is now available. Download your free copy today to explore why we must change the way we prevent data loss and protect against insider threats in our work-from-anywhere reality.