Can anyone recommend best practices for deploying/configuring a data loss prevention platform? How do you make sure you're minimizing false positives/negatives, getting accurate detection, etc?

Security & GRCData Privacy & Protection
2.7k viewscircle icon3 Comments
Sort by:
CIO in Finance (non-banking)2 years ago

A lot of people will give you a set of tools and processes to ensure DLP effectiveness. A different perspective is to ensure you have you data classification done right and in a way that can be maintained. The more fine grained you can get the less false positives. There are tools that vendors claim that have “AI” for detection but without classification any AI won’t be effective or efficient. There is no AI that I know of that can substantially make a dent in classification of data beyond identification of PII etc. In other words there are precursors to DLP beyond configuration that need to happen to make your detection effective.

Director of IT in Education2 years ago

I like Microsoft Purview Data Loss Prevention, it works well with Microsoft systems, Networks, emails, etc.
https://www.gartner.com/reviews/market/data-loss-prevention/vendor/microsoft/product/microsoft-purview-data-loss-prevention

Director, Strategic Security Initiatives in Software2 years ago

I would recommend this : https://start.paloaltonetworks.com/modern-enterprise-dlp-facilitating-gdpr?utm_source=google-jg-amer-sase&utm_medium=paid_search&utm_term=data%20loss%20prevention%20best%20practices&utm_campaign=google-sase-casb-amer-multi-lead_gen-en-eg&utm_content=gs-20039126345-154114646568-656502004727&sfdcid=7014u000001ZAovAAG&gclid=CjwKCAjw8symBhAqEiwAaTA__C85Q42RrbIh8Ps8JPIgKheCHIkBB4aDOSZeYnlBBPXAUImTL2y8JRoCZZ8QAvD_BwE

Content you might like

How does your cyber compliance team stay informed about new and changing regulations impacting your organization's compliance? Additionally, how are cyber compliance teams tracking, measuring and reporting on internal compliance?

Read More Comments

Data Analytics-as-a-Service (DAaaS) is a cloud-based delivery model for data analytics & AI.  What do you see as the most important enabler for you to adopt DAaaS for your business?

Ease of getting my data into the DAaaS platform9%

Tools that make it easy to create use cases with the DAaaS platform41%

A pre-existing library of dashboards and report templates to help me quickly get up-and-running32%

The ability to try out the DAaaS platform for free before buying10%

Services from the DAaaS vendor (consulting, support, training)3%

Confidence that my data is safe in the cloud2%

View Results

What’s the top cybersecurity challenge concerning your organization right now?

AI-driven threats (deepfakes, automated attacks) 18%

Software supply chain risks 24%

Insider risk (both malicious & accidental) 13%

Regulatory compliance 13%

Cloud misconfigurations 13%

Shadow IT (or shadow AI) 8%

Ransomware 5%

Talent shortage in cybersecurity3%

Something else (comment to explain)3%

View Results

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.

Read More Comments

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments