Data Loss Prevention Checklist

Marketing Team Cloud Security Expert - CloudCodes Software
  • July 14th, 2021

Data Loss Prevention Checklist to Plan Your DLP Strategy

The Data Loss Prevention checklist for an internal quality audit comprises a particular set of questions, derived from the standard requirements of the firm's quality management system. Business users map these requirements against the challenges of procuring technical solutions. To help, a Prospective Vendor Checklist has been developed, comprising elements in the following three major categories:

  • Host or network protection from data leakage and file encryption
  • Management and support
  • Organization profile and costing

The entire blog acts as a checklist for prospective vendors. It can be used in combination with an interactive data protection requirements worksheet for calculating rates and then comparing vendors.

Prospective Vendor Data Loss Prevention Checklist

These points are checked after completing the implementation of DLP in the account.

  1. Discovery, Searching, and Retention
    • Discovery: Capable of discovering unknown or unmarked data
    • Retention: Registration of repository files by providing an inventory of them
    • Search: Users can search for data on two parameters: a specified time duration and indexed content. Content-based search depends on expressions, keywords, content patterns, the type of document file, etc.
  2. Monitoring, Alerting, and Enforcement
    • Monitoring: Discovering, identifying, correlating, analyzing, and logging every activity performed with sensitive data. This includes file hosting, items processed within the application on the host, the program being accessed, and input/output channels, as well as the capability of differentiating unclassified or untagged data and then adding it to existing DLP policies.
    • Alerting: As soon as a violation is detected, define and implement the actions to be performed. Tagged data can be monitored for violations from the management console. Alerts can also be sent to end-users or administrators as a preventive measure. Finally, the product should be capable of applying the alert rules to previously unclassified or untagged data.
    • Enforcement: Specify and apply the actions to be enforced at the time of a violation. DLP encounters new incidents, which are defined by the end-user, location, context, and application. When a sensitive file is discovered, the DLP should encrypt, quarantine, and delete it.
  3. Forensic / Investigation: This captures the data from an event along with a set of appropriate metadata (date/time, protocol, user). These are stored and indexed for searching ‘after the fact.’ It must have high-scale storage capability to preserve metadata with raw items for investigation as well as regulatory purposes. Partnerships with third-party service providers are verified.
  4. External Device Control: With the help of endpoint agents, define and implement usage controls over external device components. One can assign either the ‘allow’ or ‘disallow’ permission to others. Check that encrypted data is being copied onto the devices. Users can block the copying of protected data onto the device. Depending on the data type of the copied items, users have the authority to disable external components.
  5. DLP Rules Support: Check the following parameters in the support section of DLP rules:
    • Business / Regulation Support
    • Rules Creation, Extension, and Management

Encryption

  1. General: This is persistent data encryption when data is in use or at rest. It covers emails with attachments, files or folders, complete disk encryption, the client machine pagefile, offline data, and mobile devices.
  2. Algorithms, Keys, and Certificate
    • The DLP supports FIPS 140-1 / 140-2 algorithms (RC5 / AES)
    • It supports substantial key lengths, i.e., 256-bit and more
    • Provides a typical level of certifications, including all the standards for protection purposes
  3. Key Management and Recovery
    • Centralized management for encryption keys and policies
    • No administrative key for unlocking all files; responsibilities follow the specified rules. The data can be decrypted only with its original keys
    • Even if the machine is in offline mode, there should be secure recovery for forgotten tokens
    • Encrypt all communications used for transferring crucial information
    • In case of damage, retrieval of data from the relevant users' data
  4. Encryption Management
    • Centralized management of encryption policies, along with keys and recovery techniques
    • Procedure for flexibly developing and updating policies
    • Set rules based on the type of documents and files
    • Create sets of rules depending on the user and group
    • Management support for folders, data, and full-disk encryption
    • Support for several types of two-factor authentication along with their certification

Management and Support

  1. Implementation, Deployment, and Management
    • Supports centralized administration, deployment, DLP management, and reporting
    • Controls all security-related products from one administrative console
    • Provides easy and interactive installation steps
    • Provides documentation that is easy to follow
  2. Administrative Access
    • Requires an individual account for each admin
    • Workflow chart that provides support to owners in the business hierarchy
    • Management and proper configuration of several executive roles
    • Dividing duties or responsibilities depending on the administrator
  3. General Policy and Rule Management
    • Provides centralized management across data protection and encryption policies
    • Easy-to-use interface to customize rules as well as policies
    • Enables reuse of existing rules for constructing new templates
    • Permits disabling machine ports and supports granular program and device control
  4. Incident Workflow
    • Investigates incidents involving data at rest, in use, and in motion from the centralized management console
    • Enables the definition and establishment of a particular workflow
    • Divides cases on the basis of user-defined categories
    • Provides access controls and security around incidents
  5. Reporting, Auditing, and Compliance
    • Supervises HDLP, NDLP, and encryption alerts from one console
    • Launches individual components from a single central management console screen
    • Capable of meeting all applicable regulatory requirements
    • Flexibility in identifying all the log events

Company Profile and Pricing

  1. Company Profile
    • A compatible customer base
    • Comprehensive technology partnerships
    • Sound financial standing
    • Track record of adapting to market requirements
  2. Maintenance and Support
    • Breadth of professional services
    • Software upgrade policy
    • Accessible knowledge base
    • Web-enabled access for upgrading and patching
  3. Pricing
    • Pricing model (per group, user, device)
    • Added value (integration, manageability, etc.)

Conclusion

The blog gives an outline of the Data Loss Prevention checklist. Users can read this after successfully implementing the DLP feature in their accounts.

 
