Chapter 2: “Integrating and Deploying Data Loss Prevention”
Now that you’ve tweaked the “blueprint” for your DLP implementation to your satisfaction, it’s time to roll up your sleeves and dig in and deploy. Let’s take a look at the second part of this multichapter white paper, Implementing and Managing a Data Loss Prevention Solution, by Rich Mogull, analyst and CEO of independent research firm Securosis. Chapter 2, Integrating and Deploying Data Loss Prevention, covers the key steps involved in integrating your chosen DLP tool into your environment, including defining a deployment architecture, integrating the technical components, and setting up the management server/appliance. You will also be guided in your decision-making as to which DLP component you need to set up first—network, storage, or endpoint.
Select Deployment Components
Your DLP priorities will dictate which components you will be deploying. There are a number of possibilities, and this doesn’t necessarily mean you have to invest in more hardware or software. In some instances, especially if your organization is an SMB, you’ll likely find everything you need in one appliance or server except for the endpoint agents. You’ll need to evaluate DLP components for your network, storage, and endpoints. There are also additional connection components—for your directory server agent, DHCP server agent, and SIEM—that could impact integration. Part 2 of this Securosis white paper helps you organize your deployment by way of a chart that correlates priorities with DLP components, including points of integration and technical notes.
Dive into Deployment
Now that your priorities are crystal clear, you’re ready to take on the actual deployment—and the first step is setting up your DLP tool. There are several options available to you:
- DLP software: With this option, you install the software on internal servers and endpoints.
- DLP appliance: In this case, DLP software is pre-installed on dedicated hardware, so setup is fairly easy and requires you to connect the appliance to the network.
- DLP virtual appliance: The DLP software is pre-installed on a virtual machine.
Integration into Your Infrastructure
After your DLP tool has been properly set up, the next step is to integrate it into your infrastructure. To make sure you cover all your bases, the Securosis white paper provides detailed information on the most critical elements of your environment:
- Directory servers: This is by far the single most important deployment integration, as it ties activity back to real users rather than just IP addresses.
- Network: Network integration encompasses passive sniffing to monitor traffic and push back alerts; email monitoring, where you would add the DLP analysis as the next hop after your email server; and web gateways for more granular management of web and FTP traffic. If you have multiple egress points to manage in a distributed environment, you would need to place DLP appliances at each network gateway and have them communicate with the primary DLP policies at the network core.
- Storage: Technically speaking, this is probably the easiest part of DLP deployment: all you need to do is point the DLP solution to an open file share, load access rights, and begin your analysis. But there are other aspects that may require special attention to configuration, including remote scanning, server agents, document management/NAS/cloud integration, and database scanning.
- Endpoint: Endpoints are the wild cards in this deployment scenario, as they can vary quite a bit, but the good news is that the deployment process is fairly standard, consisting of three main steps:
  - Testing is of utmost importance to make sure performance and compatibility are acceptable.
  - Deploy the DLP agents with the tool you use for regular system updates and make sure the agent is configured to connect to the DLP server.
  - Activate agents and make sure they are communicating with the DLP server before you turn on policies.
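The directory-server point above depends on time: an IP address identifies a user only while a given DHCP lease and logon session are current. The following is an added example, not code from the white paper or from any DLP product, that resolves an alert's IP address and timestamp to a user. The lease and logon records, their field layout, and all function names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records (assumed layout, not a real product's export format).
# DHCP leases: (ip, lease_start, lease_end, hostname)
LEASES = [
    ("10.0.4.17", "2024-03-01T08:00", "2024-03-01T12:00", "LT-0231"),
    ("10.0.4.17", "2024-03-01T12:30", "2024-03-01T18:00", "LT-0877"),
]
# Directory logon events: (hostname, logon_time, user)
LOGONS = [
    ("LT-0231", "2024-03-01T08:05", "asmith"),
    ("LT-0877", "2024-03-01T12:40", "bjones"),
    ("LT-0877", "2024-03-01T15:10", "cwu"),
]


def _t(stamp):
    return datetime.fromisoformat(stamp)


def host_for(ip, when):
    """Return the hostname that held `ip` at `when`, or None if no lease covers it."""
    for lease_ip, start, end, host in LEASES:
        if lease_ip == ip and _t(start) <= when < _t(end):
            return host
    return None


def user_for(host, when):
    """Return the user of the latest logon on `host` at or before `when`, or None.

    Simplification: logoff events are not modelled, so the latest logon wins.
    """
    prior = [(_t(ts), user) for h, ts, user in LOGONS if h == host and _t(ts) <= when]
    return max(prior)[1] if prior else None


def attribute(ip, timestamp):
    """Map a DLP alert's (ip, timestamp) to a host and user, flagging gaps explicitly."""
    when = _t(timestamp)
    host = host_for(ip, when)
    if host is None:
        return {"ip": ip, "host": None, "user": None, "status": "no-lease"}
    user = user_for(host, when)
    return {"ip": ip, "host": host, "user": user, "status": "ok" if user else "no-logon"}


if __name__ == "__main__":
    for ts in ("2024-03-01T09:00", "2024-03-01T12:15", "2024-03-01T16:00"):
        print(ts, attribute("10.0.4.17", ts))
```

The same IP address resolves to three different users over one day, and to nobody during the gap between leases, which is why an alert keyed only to an IP address is weak evidence.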
You’ve come this far, and your confidence level has undoubtedly increased by an order of magnitude. But you’re not done yet: configuration is still ahead.
Come back and read my next blog in the series, which deals with chapter 3 of the Securosis white paper, Configuring Your Data Loss Prevention Solution.