Building a DLP Strategy: Choosing Between Enterprise or Integrated DLP
Security leaders seeking visibility, control, and proactive breach protection are adopting data loss prevention (DLP) solutions in increasing numbers. But choosing the best approach that fits your individual organization remains a challenge. As the market becomes more crowded with DLP products, it can be difficult to sort through the hype and uncover the truth behind multiple vendors’ competing claims.
It’s essential that your selection be guided by an assessment of the sensitive and regulated data you handle, channels that need coverage, and business leaders’ willingness to accept risk. With this information in hand, you’ll be able to choose the DLP solution that will enable you to enforce the most effective policies for your business needs, and to accomplish this within your existing resource constraints.
Enterprise DLP vs. Integrated DLP Capabilities
In their recent report, ‘How to Choose Between Enterprise DLP and Integrated DLP Approaches, Gartner divides the DLP market into two segments. The first segment is comprised of enterprise DLP suite, which can define and monitor DLP policies across multiple areas, such as endpoints, the network, and cloud applications. They also offer centralized policy management and reporting.
The second segment is made up of integrated DLP products, where DLP capabilities are natively integrated into other security products or software-as-a-service (SaaS) applications. These encompass endpoint protection platforms (EPP), secure email and web gateways, and cloud access security broker (CASB) solutions, as well as native DLP capabilities included among the service offerings of several major cloud service providers (CSPs).
The integrated approach can be a cost-effective way to gain increased visibility into how your users interact with sensitive data but has limitations. It can also solve some basic data protection problems, such as preventing certain types of information from being shared via email or other channels. Because so many vendors are now bundling DLP capabilities into their other offerings, a large number of enterprises may discover that they’re not taking full advantage of the capabilities of solutions they’ve already implemented.
The DLP capabilities integrated within point security solutions are often difficult to integrate with additional DLP solutions, whether they’re enterprise products or DLP that is integrated into other individual products. Policy orchestration and event correlation typically have to be performed manually across these components. This can be labor-intensive or can lead to inconsistent data protection. Capabilities and features can vary widely between products, as can underlying methods for data classification and policy enforcement, which can breed further inconsistency.
In contrast, enterprise DLP products allow you to take a centralized approach to policy enforcement across multiple use cases and administer it within a single, unified platform. Content inspection capabilities tend to be more advanced, and policy frameworks more detailed and accurate. If you’d like to maintain granular control over all data that flows throughout the enterprise, you’ll need enterprise DLP to achieve this goal. If your compliance or data protection requirements are complex, you may need enterprise DLP to meet them.
A Framework for Decision Making
Not every company needs enterprise DLP. You should develop a data security governance (DSG) strategy with input from business units and enterprise leadership to determine whether you might benefit from an enterprise DLP implementation.
As you begin to develop this framework, Gartner recommends you consider the following questions:
- What types of data do you regard as sensitive?
- Where does this data reside?
- How is it being transacted?
- Who has access to sensitive data?
- How is it used?
- How is it regulated?
- When should it be deleted or destroyed?
Answering each of these questions thoroughly requires input from stakeholders and IT and security teams. You’ll also want to ask:
- What operational resources do you have to maintain the DLP solution? Enterprise DLP suites typically have one or more full-time-equivalent employees dedicated to handling the DLP infrastructure. Monitoring the same number of channels with multiple integrated DLP products can be more labor intensive and less effective, however.
- What channels need coverage? The more channels (email, web, secure file transfers, cloud applications) you need to cover, the stronger the business case for an enterprise DLP solution.
- How diverse is the data? Is it structured, unstructured, or semi-structured (like form content)? Enterprise DLP solutions are typically capable of handling a far greater variety of diverse data types from within a single solution.
- How many cloud applications or other services do you use? How much of your infrastructure is on-premises? If you consider yourself a “cloud-first” enterprise and are mostly using SaaS apps and other cloud services, a cloud data protection approach may make the most sense.
It’s not that an enterprise DLP suite is inherently superior to integrated DLP capabilities built into other security products. Nor are enterprise DLPs a natural fit for every organization. Carefully assessing your current needs and capabilities, as well as your data protection plans for the future, will help you see which approach will better fit your enterprise.
Want to learn more about choosing an approach to DLP? Download Gartner’s How to Choose Between Enterprise DLP and Integrated DLP Approaches report today or click on the Read the Report button on the right.