Rollout your DLP in a Safe Planned Cost Effective Manageable manner.

About 70% of all DLP rollouts are a failure due to ineffective planning. Are you one of those companies which believed in DLP marketing guys who said"Just run our DLP in DISCOVERY more for 3 months and everything will run fine"?.

Most companies do lesser planning in rolling out a DLP than even rolling out an Antivirus. But, for those mature few, a DLP is as strenous and planned exercise as rolling out an ERP... and rightly so. Many companies use a DLP more like a glorified endpoint protection system and in some companies, DLP operates at such a low threshhold that it is as good as useless.

With multiple project experiences, our consultants are well qualified to understand your Data landscape, do a well defined Data Flow analysis, design a security matrix, help you decide whether you need a DLP or a DRM or a combination of both and right up to the bill of materials... the key factors which define the success or failure of your rollout.

Our Approach to making your DLP rollout a success.

  • Governance encompasses the overall management of the confidentiality, integrity and availability of data within an enterprise.
  • It is an act of protecting data and monitoring the flow of where the data travels.
  • Define Policies (Rules) & Procedures (Methods) for storing, accessing and handling data.
  • Plan to implement these rules and methods.
  • Define responsibilities of the owners and/or custodians of the data.
  • Outline the accountability of the data.
  • Data is first identified as
  • Non-Public Data (Financial, HR, Legal etc.)
  • Personally Identifiable Information (Credit Card Numbers, personal health data etc.)
  • Intellectual Property (Patents, Design plans etc.)
  • Once the data has been identified, we conduct flow analysis to identify all systems and devices the data either resides on (DIR) or flow through (DIM).
  • Each of these systems is evaluated to determine threats and vulnerabilities that may put the data at risk.
  • This exercise is conducted for all types of data utilized within the organization.
  • Identify regulatory requirements that increase your organization’s risk of non-compliance and exposure.
  • Study regulatory requirements applicable to your organization.
  • Identify types of security controls required.
  • Identifying privacy requirements for your organization to ensure that the goals and promises of privacy and confidentiality are supported by its practices.
  • Conduct a regulatory and privacy assessment to ensure that data is protected based on regulatory requirements and organization’s policies
  • Defining a standard or policy for data classification
  • Identifying data types by departments
  • Identifying administrator/custodians/users
  • Specifying criteria for data classification and labeling
  • Creating an enterprise awareness program
  • We create Policies which allow your organization’s DLP solution to operate more securely and efficiently.
  • Standards are mandatory activities, actions, rules which we design for the DLP polices to be meaningful and effective
  • We develop Procedures to layout the specifics of how the DLP polices and the standards will actually be implemented
  • Regardless, of the amount of security controls implemented, the chances of intellectual property leaking out are likely high.
  • That’s it why we conduct a data discovery assessment on a periodic basis.
  • A data discovery assessment highly depends on tool.
  • Data discovery is one of the key elements of a DLP Program.
  • We launch an investigation to determine if a corporate policy has been violated.
  • A strong resolution process is automated.
  • This process is efficient and timely to manage and resolve the issue before your organization is harmed.
  • We interact with your organization’s employees so that they have a strong understanding why certain activities are inappropriate and could be harmful for the organization.
  • Not all violations are conducted with a harmful intent, so give an ongoing training to employees to help reinforce correct behavior
  • Provide the employees with guidance on how to correctly handle sensitive data.

Why some of the largest companies call us to do their POC or audit their DLP:

  • An end to end data governance programme taking into account your ever changing data landscape.
  • A risk register of all the data points in your organisation.
  • Validated regulatory compliance of your DLP rollout.
  • A well documented Data Flow Analysis in your organisation.
  • Policies and procedures for managing the DLP in your organisation.
  • Your administrators and users effectively trained on their roles and responsibilities for the DLP.