Businesses should plan a thorough data loss prevention strategy before talking to suppliers, Gartner has advised.
Vendors are likely to sway discussions to specific aspects of DLP, when a full strategy is required for the technology to be effective, the analyst house said.
DLP software monitors data that is in use, moving on the network and in storage, in order to prevent its unauthorised use or transmission. Gartner predicts it will become commonplace in European firms during the next six years, and said deployments were already being considered by many businesses.
“You’ve got to define your strategy first, then talk to the suppliers,” said Paul Proctor, VP at Gartner. “At the moment businesses aren’t labelling data properly, they don’t know where it is, they aren’t handling it properly, and their policies are poorly defined and enforced.”
Speaking at Gartner’s information security summit in London this week, Proctor outlined how businesses can define a complete strategy for DLP.
Organisations needed to first define their data types, followed by building a list of possible actions for that data, then defining policy, and finally negotiating with suppliers.
For defining data types, Proctor said, firms should categorise the information according to its nature and where it resides. For example, intellectual property could be split into drawings (then divided as CAD, PDF, and GIF), documents (split as structured, unstructured, labelled and unlabelled), and personal data (split by types such as credit cards or ID numbers, or by its application such as order processing or online sales).