In short, DLP is used to prevent the leakage of confidential and sensitive data or information; that is, to monitor and prevent confidential data from leaving the organization's boundaries.
Protecting your data is more about understanding what you want to protect than about where the data resides. If you have to ask "where is the data I want to protect?" - the cat is already out of the bag. Discovery does have its place - particularly in identifying ad hoc data stores - but putting discovery ahead of defining the data elements you want to protect is truly putting the cart before the horse.
In simple language, the most important component of any successful data loss program is PEOPLE: educating them, raising and reinforcing their awareness, pointing out good behaviours and chastising bad behaviours in a consistent and programmatic fashion, and, eventually, getting people to do things differently (and more securely) than they do today. This is the training side of preventing data loss. The next paragraph covers the technical side.
There are many different DLP solutions and variants on the market, but at the end of the day it is all about the data. A robust DLP solution will help you find, classify and control the use of sensitive data throughout your organisation while providing such benefits as:
· Identifying and analysing data at major control points.
· Preventing the accidental or malicious disclosure of sensitive information.
· Addressing corporate governance requirements (i.e. government or industry information protection regulations).
· Preventing violations of general corporate security and behavioural policies.
· Monitoring and controlling the use of information based upon identity and role.
A few guidelines:
1) An essential first step in preventing data loss for an enterprise is to formulate and execute a loss prevention policy/program/study.
2) Engaging a consultant to do a DFA would give the team some observations/essential fodder to formulate and act upon an IS policy.
3) It would help the key person judge what's most relevant and what's best for your given scenario/department/geography/company/business. There are no shortcuts to an auditor's recommendations and observations.
4) Overall, it is essential that employees understand the importance of the information that they hold and are still able to collaborate freely with that information.
5) The IS policy should also give employees an opportunity to assess the information they hold, and this may extend to getting the user to classify the information.