Blog
October 3, 2024

7 Things We Learned from Our Webinar: A Guide to Implementing a Modern DLP Program that Actually Works

In our webinar, "A Guide to Implementing a Modern DLP Program that Actually Works," Metomic’s CEO, Rich Vibert, was joined by Staff Security Engineer, Michael Ivey from Modern Health, to break down the key elements of a successful DLP strategy for modern businesses.

Download
Download

With the explosion of cloud services and Software as a Service (SaaS) applications, companies face ever-evolving challenges in protecting sensitive information. A modern Data Loss Prevention (DLP) program is essential for safeguarding your organisation’s most sensitive data and mitigating risks before they become headlines.

In our webinar,  "A Guide to Implementing a Modern DLP Program that Actually Works," Metomic’s CEO, Rich Vibert, was joined by Staff Security Engineer, Michael Ivey from Modern Health, to break down the key elements of a successful DLP strategy for modern businesses. 

Here are 7 things we learned from the webinar:

1) The Importance of Visibility

Effective DLP starts with visibility. Michael Ivey points out, "You want to know where your data is stored… find a tool that can integrate with all those different data sources so that you can create policies and scan."

Understanding where sensitive data resides and how it’s managed is crucial for implementing effective DLP measures. Tools that offer comprehensive data discovery and classification capabilities are essential for building a robust data protection strategy.

2) Adapting DLP for SaaS Applications

The rise of SaaS applications has introduced new dimensions to data loss prevention. As Rich Vibert observes, "When we look at things like SaaS, there’s different ways to get data out of an organisation. You can share stuff publicly, externally, you can send stuff via email… It’s more flavoursome now."

This complexity necessitates a more nuanced approach to DLP. Legacy systems, which were primarily designed for traditional IT environments, may fall short in addressing the diverse ways data can be shared and accessed in modern SaaS platforms.

3) Managing Alerts and Tuning Policies

To mitigate alert fatigue, it’s essential to fine-tune DLP systems and policies. Michael Ivey advises, "You have to tune your alerts, you have to make sure that you’re building policies and understanding what’s there… Knowing what’s in that environment, knowing what needs to be protected and putting the right policies in place."

By adjusting the sensitivity of alerts and focusing on the most critical risks, organisations can reduce noise and improve their response to genuine threats.

4) Crafting Effective DLP Policies

Creating well-defined policies is a cornerstone of a robust DLP strategy. As Michael Ivey explains, "We have a foundational structure on where data is stored. We can build policies that are focused around those buckets and restrict access to that data based on its sensitivity level."

This approach involves segmenting data according to its sensitivity and applying tailored security measures to protect it. This segmentation helps ensure that high-risk data is adequately secured without unnecessarily impeding access to less sensitive information.

5) The Role of Automation and Employee Training

While automation is a powerful tool for managing data loss prevention, it should be complemented by comprehensive employee training. Michael Ivey highlights the importance of education: "We use [employee notifications] to educate them - they reach out to us and we work with them to figure out what they’re trying to do and make sure they’re able to do what they need to."

Similarly, Rich Vibert adds, "Enabling the employees themselves to remediate their own risk… You have to look to employees at this sort of scale." This emphasises the need for employees to be proactive in managing data security and responding to alerts.

6) Managing Stale Data

The issue of stale data—information that is no longer needed but still retained—can pose significant risks. Ivey stresses the importance of data retention policies: “You don’t need to keep data forever. Implementing a data retention policy ensures that obsolete data is securely deleted, reducing the risk of exposure.”

He also notes the role of DLP tools in monitoring archived data: “Even archived data should be monitored to ensure that only authorised individuals have access, and that it is protected against potential breaches.”

7) Centralised Policy Management

A centralised approach to managing DLP policies is essential for efficiency and effectiveness. “You want a centralised place where you can create these policies across those different tools,” advised Michael Ivey. 

Using a unified platform that integrates with various systems where data is stored, allows for consistent policy creation, monitoring, and enforcement. This centralisation reduces complexity and ensures a cohesive data protection strategy.

How can Metomic help? 

Implementing an effective DLP program involves more than just setting up basic controls. As Michael Ivey aptly summarised, “Once you’ve [implemented a robust policy], pat yourself on the back, but get ready for the next step.”

To see how Metomic can help your business establish a comprehensive DLP strategy, get in touch with one of our data security experts. 

With the explosion of cloud services and Software as a Service (SaaS) applications, companies face ever-evolving challenges in protecting sensitive information. A modern Data Loss Prevention (DLP) program is essential for safeguarding your organisation’s most sensitive data and mitigating risks before they become headlines.

In our webinar,  "A Guide to Implementing a Modern DLP Program that Actually Works," Metomic’s CEO, Rich Vibert, was joined by Staff Security Engineer, Michael Ivey from Modern Health, to break down the key elements of a successful DLP strategy for modern businesses. 

Here are 7 things we learned from the webinar:

1) The Importance of Visibility

Effective DLP starts with visibility. Michael Ivey points out, "You want to know where your data is stored… find a tool that can integrate with all those different data sources so that you can create policies and scan."

Understanding where sensitive data resides and how it’s managed is crucial for implementing effective DLP measures. Tools that offer comprehensive data discovery and classification capabilities are essential for building a robust data protection strategy.

2) Adapting DLP for SaaS Applications

The rise of SaaS applications has introduced new dimensions to data loss prevention. As Rich Vibert observes, "When we look at things like SaaS, there’s different ways to get data out of an organisation. You can share stuff publicly, externally, you can send stuff via email… It’s more flavoursome now."

This complexity necessitates a more nuanced approach to DLP. Legacy systems, which were primarily designed for traditional IT environments, may fall short in addressing the diverse ways data can be shared and accessed in modern SaaS platforms.

3) Managing Alerts and Tuning Policies

To mitigate alert fatigue, it’s essential to fine-tune DLP systems and policies. Michael Ivey advises, "You have to tune your alerts, you have to make sure that you’re building policies and understanding what’s there… Knowing what’s in that environment, knowing what needs to be protected and putting the right policies in place."

By adjusting the sensitivity of alerts and focusing on the most critical risks, organisations can reduce noise and improve their response to genuine threats.

4) Crafting Effective DLP Policies

Creating well-defined policies is a cornerstone of a robust DLP strategy. As Michael Ivey explains, "We have a foundational structure on where data is stored. We can build policies that are focused around those buckets and restrict access to that data based on its sensitivity level."

This approach involves segmenting data according to its sensitivity and applying tailored security measures to protect it. This segmentation helps ensure that high-risk data is adequately secured without unnecessarily impeding access to less sensitive information.

5) The Role of Automation and Employee Training

While automation is a powerful tool for managing data loss prevention, it should be complemented by comprehensive employee training. Michael Ivey highlights the importance of education: "We use [employee notifications] to educate them - they reach out to us and we work with them to figure out what they’re trying to do and make sure they’re able to do what they need to."

Similarly, Rich Vibert adds, "Enabling the employees themselves to remediate their own risk… You have to look to employees at this sort of scale." This emphasises the need for employees to be proactive in managing data security and responding to alerts.

6) Managing Stale Data

The issue of stale data—information that is no longer needed but still retained—can pose significant risks. Ivey stresses the importance of data retention policies: “You don’t need to keep data forever. Implementing a data retention policy ensures that obsolete data is securely deleted, reducing the risk of exposure.”

He also notes the role of DLP tools in monitoring archived data: “Even archived data should be monitored to ensure that only authorised individuals have access, and that it is protected against potential breaches.”

7) Centralised Policy Management

A centralised approach to managing DLP policies is essential for efficiency and effectiveness. “You want a centralised place where you can create these policies across those different tools,” advised Michael Ivey. 

Using a unified platform that integrates with various systems where data is stored, allows for consistent policy creation, monitoring, and enforcement. This centralisation reduces complexity and ensures a cohesive data protection strategy.

How can Metomic help? 

Implementing an effective DLP program involves more than just setting up basic controls. As Michael Ivey aptly summarised, “Once you’ve [implemented a robust policy], pat yourself on the back, but get ready for the next step.”

To see how Metomic can help your business establish a comprehensive DLP strategy, get in touch with one of our data security experts. 

With the explosion of cloud services and Software as a Service (SaaS) applications, companies face ever-evolving challenges in protecting sensitive information. A modern Data Loss Prevention (DLP) program is essential for safeguarding your organisation’s most sensitive data and mitigating risks before they become headlines.

In our webinar,  "A Guide to Implementing a Modern DLP Program that Actually Works," Metomic’s CEO, Rich Vibert, was joined by Staff Security Engineer, Michael Ivey from Modern Health, to break down the key elements of a successful DLP strategy for modern businesses. 

Here are 7 things we learned from the webinar:

1) The Importance of Visibility

Effective DLP starts with visibility. Michael Ivey points out, "You want to know where your data is stored… find a tool that can integrate with all those different data sources so that you can create policies and scan."

Understanding where sensitive data resides and how it’s managed is crucial for implementing effective DLP measures. Tools that offer comprehensive data discovery and classification capabilities are essential for building a robust data protection strategy.

2) Adapting DLP for SaaS Applications

The rise of SaaS applications has introduced new dimensions to data loss prevention. As Rich Vibert observes, "When we look at things like SaaS, there’s different ways to get data out of an organisation. You can share stuff publicly, externally, you can send stuff via email… It’s more flavoursome now."

This complexity necessitates a more nuanced approach to DLP. Legacy systems, which were primarily designed for traditional IT environments, may fall short in addressing the diverse ways data can be shared and accessed in modern SaaS platforms.

3) Managing Alerts and Tuning Policies

To mitigate alert fatigue, it’s essential to fine-tune DLP systems and policies. Michael Ivey advises, "You have to tune your alerts, you have to make sure that you’re building policies and understanding what’s there… Knowing what’s in that environment, knowing what needs to be protected and putting the right policies in place."

By adjusting the sensitivity of alerts and focusing on the most critical risks, organisations can reduce noise and improve their response to genuine threats.

4) Crafting Effective DLP Policies

Creating well-defined policies is a cornerstone of a robust DLP strategy. As Michael Ivey explains, "We have a foundational structure on where data is stored. We can build policies that are focused around those buckets and restrict access to that data based on its sensitivity level."

This approach involves segmenting data according to its sensitivity and applying tailored security measures to protect it. This segmentation helps ensure that high-risk data is adequately secured without unnecessarily impeding access to less sensitive information.

5) The Role of Automation and Employee Training

While automation is a powerful tool for managing data loss prevention, it should be complemented by comprehensive employee training. Michael Ivey highlights the importance of education: "We use [employee notifications] to educate them - they reach out to us and we work with them to figure out what they’re trying to do and make sure they’re able to do what they need to."

Similarly, Rich Vibert adds, "Enabling the employees themselves to remediate their own risk… You have to look to employees at this sort of scale." This emphasises the need for employees to be proactive in managing data security and responding to alerts.

6) Managing Stale Data

The issue of stale data—information that is no longer needed but still retained—can pose significant risks. Ivey stresses the importance of data retention policies: “You don’t need to keep data forever. Implementing a data retention policy ensures that obsolete data is securely deleted, reducing the risk of exposure.”

He also notes the role of DLP tools in monitoring archived data: “Even archived data should be monitored to ensure that only authorised individuals have access, and that it is protected against potential breaches.”

7) Centralised Policy Management

A centralised approach to managing DLP policies is essential for efficiency and effectiveness. “You want a centralised place where you can create these policies across those different tools,” advised Michael Ivey. 

Using a unified platform that integrates with various systems where data is stored, allows for consistent policy creation, monitoring, and enforcement. This centralisation reduces complexity and ensures a cohesive data protection strategy.

How can Metomic help? 

Implementing an effective DLP program involves more than just setting up basic controls. As Michael Ivey aptly summarised, “Once you’ve [implemented a robust policy], pat yourself on the back, but get ready for the next step.”

To see how Metomic can help your business establish a comprehensive DLP strategy, get in touch with one of our data security experts.