Part 3, Conclusion: What the WikiLeaks.org Release Really Means for You
It may come as a surprise to some that legacy controls aren't enough. And, as this incident showed, it's not just email that data is being lost through: the Web is four times more likely, and USB is a large vector too. However, a myopic approach to solving the problem can be dangerous. Shutting down access - a natural, gut reaction - will only create more obstacles and impede an organizations ability to operate at their peak capacity.
The key to protecting these assets and establishing effective security is to keep it simple and map to three primary points:
1. What is the data you want to protect?
2. What are your use cases for protecting it (in this case, removable media)?
3. What is the value to you to protect it (to help determine investment and priority level)?
DLP, like every technology, needs to be mapped to your needs and be applied in a holistic approach to security in order to be effective. But if this incident proved anything, it is that there is a demonstrable incentive for you to investigate your needs and the information you need to protect and begin securing your sensitive assets.
Let me know what you think about the past few posts. Also, feel free to comment below if you have implemented DLP and want to share your story of determining your needs and successfully protecting data within your organization. And, of course, if you’re interested in trying out DLP you can download Websense at www.websense.com/DownloadDLP.