Data loss prevention (DLP) is the set of tools, processes, and systems companies put in place to ensure their data is not stolen, lost, or misused. Today, as the threat landscape for corporate data becomes increasingly complex, having a DLP strategy in place is a must — especially for companies that deal with a high volume of personal customer information and/or have proprietary information to protect.
While some companies will choose to establish and run their DLP processes internally, most others choose to work with DLP software vendors and service providers that abide by best-in-class approaches. But with so many providers in the market, how do you choose the right one?
To help you pick a partner that makes sense for your business, here are five questions you should ask data loss providers before working with them.
1. What is included in your DLP solution?
Ideally, by the time you’re going out to look for a DLP vendor, your security team has already established a checklist of features that they want included in a DLP solution. It’s likely you need a solution that includes data discovery, endpoint detection, monitoring, encryption, and more. At the end of the day, you want a solution that covers all the bases you’ve thought of (and some you haven’t) so that you don’t have to go back to the procurement table when a gap emerges.
As a follow up to this question, it’s also worth asking how their solution manages each of those functions. For instance, are they equipped to monitor internal and external threats? How do they perform data inspection and classification? Are they policy or event based? This will provide a better sense of how their technology works and the maturity of their offering.
2. Can you accommodate our unique requirements?
Beyond the features of the solution itself, you should also request information on whether the DLP solution is equipped to address your business’s unique needs. For example, can the solution be deployed on-prem, or only on the cloud? Does it abide by leading compliance standards? Is it easy to request reports for auditors? The answers to these questions will give you a better sense of how the technology will work for your organization and indicate how convenient it can be.
3. What does the implementation look like?
The best DLP systems support various implementation options. This makes it easier to incorporate them into security tech stacks with different components and technologies. As your vendor about the following implementation options (and pay particular attention to the ones that make the most sense to your business):
- Endpoint agent level implementation across multiple channels
- Integration with mail servers
- Ability to receive mail from a technical mailbox
- Integration with the existing internet gateway via ICAP protocol
- An additional mail server
In addition, how well will the DLP solution integrate with your existing security systems? To ensure you’re running a comprehensive and seamless security strategy, you need your tools to be able to share information between each other. Understanding whether the DLP will integrate with your security information and event management (SIEM) system, enterprise digital rights management (EDRM) tools, and any data classification software will be a big factor in your decision making.
4. How quickly can the solution be rolled out?
If you’re looking for a DLP solution, you know that the sooner it’s adopted, the better. As such, having a vendor that can move quickly and get you set up in a relatively short amount of time is appealing. Naturally, the timeline should also be considered alongside the quality of the solution. If you have to give up on core features to get a solution faster, that’s not a worthwhile exchange.
This is also a good time to ask about the level of support you’ll get during the implementation and beyond. Do they have a robust customer success offering? Is the expectation that you hire an individual or team to be responsible for the platform? These are all important factors to consider.
5. Is it easy to adopt?
Ease of adoption is an important metric for any technology, including security software. As such, the ideal DLP solution should have an intuitive user interface that facilitates rapid usage. This, paired with playbooks and in-app wizards that facilitate configuration steps can be great tools for setting your users up for success.
Ask your vendor to demo all of the features you want to look at and keep the ease of use in mind as they navigate through each of the components.
Make the most of your DLP solution
The right DLP solution will help your company protect its sensitive data from evolving threats — and that’s crucial. Finding the right solution will take time, but it’s important to be meticulous in your evaluation so you can select the platform that makes the most sense for your business, how it operates, and the maturity of your security strategy. With these questions, you’ll be one step closer to finding the right DLP technology for your business.
Ali Cameron is a content marketer that specializes in the cybersecurity and B2B SaaS space. Besides writing for Tripwire’s State of Security blog, she’s also written for brands including Okta, Salesforce, and Microsoft. Taking an unusual route into the world of content, Ali started her career as a management consultant at PwC where she sparked her interest in making complex concepts easy to understand. She blends this interest with a passion for storytelling, a combination that’s well suited for writing in the cybersecurity space. She is also a regular writer for Bora.
