Tuesday, June 7, 2011

It's 10:00pm - Do You Know Where Your Data Is?

Data can be stored in so many places and be so vulnerable to loss or exposure.  The obvious risk and probability of loss for protected data stored on devices like laptops often motivates security staff to make improvements in this area.  Many people have an "a-ha moment" when they see how Data Loss Prevention (DLP) discovery agents can find and report confidential or protected data stored in unexpected places.

It's good practice to inventory where and how confidential / protected data is stored, create policy that defines where and how such data should be stored, then move towards the goal defined by the policy and monitor progress.   (Helpful side benefits of this process include improving your backup and archive coverage of protected data, reducing duplication of data, and assisting your business continuity planning.)

The initial inventory of protected data can be overwhelming -- data can be dispersed over all the personal workstations and laptops in the entire company and in the oddest nooks and crannies of servers.  But it's good to know where your organization stands with regard to protected data, and what your biggest points of risk might be.  If you found confidential financial data being stored on laptops that don't have disk encryption, maybe that's your prime starting point.  If you found multiple copies of confidential data stored on a server, maybe it's just a matter of consolidating the data and keeping employees better informed about what location to use on the server for that data.

When it comes to writing your protected data storage policies, keep flexibility in mind.  Mobility is a big factor in employee computing use cases today, so if important data on laptops is common, then maybe a disk encryption solution for laptops is needed rather than disrupting employees' work by requiring them not to keep data on laptops.

When your protected data storage policy is defined, then it's time to move toward it.  Education will be important so employees understand why and how this process is happening.  Some time & effort will be required to implement the changes, and perhaps some new software will be required for encryption.

As progress is made, DLP discovery software can be used to measure and monitor the progress, and watch for significant deviations from the policy that need to be addressed.
