10 questions about the DLP system: why do I need it, what can I do, and what can’t I do?
Today, the purpose of a DLP system is no longer just monitoring for data leaks, as it was in the beginning. DLP systems are now commonly used to solve a much broader range of information, economic, and personnel security problems. An employer can use data from the system to optimize business processes, monitor and increase productivity, and more.
In this article, we decided to answer the 10 most common questions we hear from potential customers about the capabilities and limitations of DLP systems, and of our SearchInform DLP in particular.
1. Why do we need to install a monitoring program? I trust my employees.
Trust works when you know each employee personally. Even then, there is a risk that some employees will abuse the trust you place in them. Once your staff exceeds 50–100 people, there is room for intrigue and fraud, information leakage, or numerous incidents caused by carelessness.
In the language of numbers:
95% of information security incidents happen due to human error (IBM Managed Security Services research).
Our research shows that only 9% of companies managed to avoid incidents caused by their employees over the last business season.
2. DLP is expensive. Does it pay off if we don’t have dark secrets?
The answer strongly depends on the specific DLP system and the vendor’s flexibility. Our software has a modular structure, and the deployment can be expanded as the business matures and its tasks become more complex. For companies that cannot yet assess the feasibility of purchasing the software permanently (perpetual licenses), there is the option of trying it as an outsourced service.
When a business is ready to invest in threat mitigation, we provide flexible licensing. The price accordingly depends on the volume of the purchase, the number of controlled channels, etc. We usually give an example showing that the money a company spends on DLP protection equals the cost of office tea, coffee, and a New Year corporate party.
3. How can I use DLP to control the computers of employees who work outside the office?
If employees work from home on corporate devices, there is no problem organizing control. The only thing to do is to verify that the DLP configuration and security policies are appropriate, taking into account the bandwidth and load of the communication channels as well as the various “home” risks.
At the same time, there are legal restrictions on installing monitoring programs on personal devices. Therefore, if it is not possible to provide employees with corporate devices, personal computers should act as thin clients and be used only as an entry point to the corporate infrastructure. In this case, DLP system agents can be installed directly on the terminal server.
4. Can DLP control mobile phones?
No, it cannot. When efficiency, invisibility, legality, and cost are all weighed together, control of mobile devices remains an unsolved problem. The risk of information leakage through personal devices can, however, be significantly reduced with a combination of technical and administrative measures. The most popular are a complete ban on the use of gadgets at work, MDM/EMM solutions, and the installation of video surveillance cameras.
Within this combined approach, DLP systems make information theft as difficult as possible. The software precludes an information leak from the computer to the phone through all channels. Only one leakage scenario is left: an employee photographs the monitor screen. To restrain these office photographers, an employer can apply measures of so-called “social pressure”: video surveillance in offices, avoiding situations where an employee is alone in the office, etc.
5. If employees find out that we are following them, can they sue us?
Don’t let this scenario happen. An employer must record the fact of monitoring in writing and obtain the employee’s consent. This protects the employer from possible lawsuits and is ethically correct. Upon request, we share sample documents with our customers.
The employee-employer relationship is regulated by the Labor code, which clearly states that the employee is obliged to work during working hours; that the employer has the right to demand the performance of labor duties; that if you organize working conditions, you can dispose of your property at your discretion. Moreover, by law, you are also required to monitor employees to protect personal data of customers, banking, and commercial secrets, as well as data in the industrial control system.
6. If employees know about control, does it make sense?
Yes, it does. The law does not oblige an employer to advertise which specific measures it takes to protect information. Our clients’ experience shows that if the risk manager does not make a fuss about every incident, employees very quickly stop thinking about the monitoring and return to their usual patterns of behavior.
Yes, malicious insiders will be more cautious and start looking for ways to circumvent the DLP system. But even Homer sometimes nods, and experienced criminals are also prone to small mistakes. There is the story of how an “elusive” hacker came to the attention of the police because he gave his secret email address when ordering a pizza.
7. Do we need a separate specialist to work with DLP? How much time will my employee spend working with your system?
It is advisable to have a risk mitigation specialist who can take care of the DLP system. Simply “installing and forgetting” it is a waste of money and will end in disappointment with the software.
That said, it depends on the level of automation in the DLP system, which varies. For example, our SearchInform DLP enables one specialist to fully control 1,500 people. There is no need to start from scratch: you will have a package of preinstalled security policies at your disposal. Our Implementation Department will assist you with further configuration, ensuring you get the most out of your DLP.
Let me also remind you that if the company does not have enough security specialists, there is the option of outsourcing. This approach is also in demand among large companies that want to strengthen their team.
8. What is the load of DLP on the network and PC?
The load depends on where the DLP system processes and analyzes information: directly on the workstation or on the server. Some DLP systems are clumsy in this regard and assign all the “heavy” work to the client part of the software.
SearchInform DLP can be configured flexibly. Depending on the task, you can minimize the load on the PC, so that even on a machine with 512 MB of RAM and a 2 GHz CPU the agents’ work is almost invisible. If you need to offload the network, you can set a limit on the channel bandwidth used by the agents. In this case, the agent builds a queue of data on the workstation (in hidden encrypted storage) and gradually passes it to the server.
9. Where are the guarantees that no one will get access to our information?
Our software has no hidden features or spyware modules and does not transmit information outside the customer’s network. Numerous certificates and licenses, which you can find on our website, confirm this. We currently have more than 3,000 customers, and the trust of each one is valuable to us. We care about our reputation. Playing “spy games” is not worth it.
10. What makes you better than other similar software solutions?
We can brag a lot, but no matter what we say, you first need to test the software in your own company. Give it the maximum load, and compare DLP “pilots” from several vendors. Our system is available for testing with full functionality free of charge. You can also test information security outsourcing.