Security News > 2023 > January > Getting data loss prevention right
Before digging into DLP specifics, consider the deceptive marketing behind data loss prevention "As a service." The name implies that DLP is just one aspect of maintaining a security posture, when in fact, preventing data loss encompasses almost all of cybersecurity.
An organization must ensure they have the right people, with the right experience, and enough of them to implement DLP properly.
Historically, many DLPs have relied on data access pattern recognition, which offers mediocre insights into how data is used.
The same contextual consideration applied to data could help DLP solutions achieve stronger results.
I previously mentioned the importance of having the right people and processes when deploying DLP. Likewise, these same experts must help the DLP solution adapt as the business environment shifts to new technologies and procedures.
Organizations are faced with two simple choices when it comes to deciding on DLP. Will they make the considerable investment needed to comply with regulations like the EU's GDPR and the payment card industry's PCI-DSS? Or do they simply want to tell government bodies that they "Had something that met regulations in place" after a data breach? Both choices are costly, but I like to believe the right choice is obvious.