But what happens if, after seeing the pop-up alert, the employee decides to send the email anyway, resulting in data loss? The DLP solution keeps records of all of the userís actions, of the fact that they were alerted, as well as the justifications they provided, giving an audit trail for subsequent analysis. This establishes a clear chain of events when reviewing a data-loss incident, which is useful for internal review and external compliance purposes.
The aim is to create a decision point for the user, encouraging them to review what they plan to send, increasing their responsibility, and helping to correct any digressions from the companyís security policy before an incident happens.
Preventing loss, reaping the gains
To summarise, the benefits of this approach to DLP fall into two main areas. It allows companies to significantly reduce the number of data loss incidents upon deployment. As employees experience the DLP solution in action, they will learn more about data loss, how it typically occurs and how to avoid it. This encourages adherence to company security policies. Over time, pop-up alerts to users will most likely decrease as users become increasingly aware of the types of activity that trigger an alert.
Also, engaging the users in the DLP process will directly benefits the organization, by reducing the burden of day-to-day security management from IT staff. The majority of decisions about whether content can be sent or not, is taken by users directly Ė a sharp contrast to previous-generation DLP solutions that require IT staff to check every email flagged as a potential risk. Empowering the user enables IT teams to focus on more strategic tasks, instead of getting bogged down in email approvals.
When it comes to preventing data loss in the corporate environment, technology alone is not the answer, but it can be used as a safety net. This, combined with educating users to become more aware of the impact of their actions, is the best method for minimizing the overall security risks. Benjamin Franklin was right: an ounce of prevention truly is better than a pound of cure.