Security Risk Advisors

Data Security Strategy and Improvement with DLP

A data protection strategy needs to be carefully tailored to the enterprise.  The CISO Office needs to understand the most sensitive data, who uses it and which business units care about it, and what can be done to better protect it during creation, collection, use, storage, sharing and archival.  Some organizations benefit from advanced tools like Data Loss Prevention (DLP) and some less-so, depending on their use cases.

We begin by conducting interviews to understand priority data types, how business groups work with sensitive data, and to understand what existing controls are in place.  This process culminates in an interactive workshop and helps to:

  • Identify gaps, build business support and articulate unaddressed data security strategy needs
  • Identify the need for initial or increased use data protection controls, along with their scope, placement and benefits
  • Identify use cases and data types which could be successfully protected with new or expanded data loss prevention (DLP) tools.  Some common use cases include investigations, protecting data at rest in shared drives and SharePoint, monitoring merger & acquisition processes and people, employee departures, misdirected email, crown jewels monitoring & access reporting, and others.
  • Identify and recommend the DLP toolset and components that best meet business needs as well as the priority functionality for implementation.