Skip to main content

Why do they call it DLP?

March 05, 2015

I always have to ask myself every time I hear the acronym “DLP.” Why do they call it that? There is no “prevention” in most DLP. It should be called DLT --> Data Loss Tracking.

Think about it for a moment, aside from enabling you to see who stole your data, most solutions don’t do anything at all to actually “prevent” it from being taken. And, unless you are watching it like a hawk and physically stopping people from walking out the door with it, have you actually prevented anything?

Therefore, when I talk with customers about DLP, I always make sure to distinguish between solutions that are really DLT vs. true DLP. It makes for some lively and interesting conversations.

Further, having true DLP is becoming an increasingly important concept. This is especially true with the advent of the cloud, the increasing use of mobile and the perpetual compromise of corporate computing environments and remote endpoints.

After all, if we want to protect our data, why not actually protect our data?! For the longest time, people have been trying to protect their data by building walls around their organizations. But, the walls don’t stop the data. It is transient.

Worse yet, the walls don’t stop the attackers. They easily compromise internal or remote endpoints through social engineering, spear phishing or other trivial attacks.

So what exactly do the walls do? That is a silly question… They are part of a holistic security strategy that needs the other pieces to be complete.

If the goal is to protect the data, I recommend starting by doing just that. All sensitive data should be encrypted and secured unless accessed by authorized personnel. And, all access to protected data should be tracked. Further, all attempts to copy protected data should result in the new file being protected with the same level of security as the original file.

There are some DLP solution providers that have gone with a model like this, and I hope to see other providers following suit. It is way easier and more cohesive to see the encryption built into the DLP solution than having to bolt on a separate encryption solution. But, irrespective of whether you use an integrated or bolt-on encryption solution, it is much better than not having the protection at all.

Once your data is secure, it is kind of liberating. It frees you up to use the cloud without worrying about it being compromised. Lost laptops aren’t as big of a deal. And malware harvesting encrypted data becomes kind of humorous. 

Related Blogs

June 28, 2017

Petya / Petna / NotPetya Ransomware Recommendations from the Trenches

Here we go again. Not long ago I updated a blog post containing actionable recommendations to protect your environment from ransomware threats, includ...

See Details

July 06, 2017

Indicators of Compromise (IOCs) are Not Intelligence

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence b...

See Details

May 29, 2012

What is DLP (Data Loss Prevention)?

As a Certified Information Systems Security Professional (CISSP) and Payment Card Industry (PCI) Qualified Security Assessor (QSA), I frequently run i...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

August 24, 2017

Enterprise Incident Management Brief

Learn how Optiv’s workshop helps security leaders evolve their technical incident response practices to broad scope enterprise incident management.

See Details

July 07, 2017

Enterprise Incident Management Program Primer

The Optiv EIM framework covers all the components necessary to respond to and manage an incident.

See Details

May 29, 2012

What is DLP (Data Loss Prevention)?

As a Certified Information Systems Security Professional (CISSP) and Payment Card Industry (PCI) Qualified Security Assessor (QSA), I frequently run i...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.