Toxic Data and DLP: Value or a Waste?
In a Forrester white paper, they referred to ‘toxic data’, which I thought was a very powerful use of words, in reference to deploying DLP technology. With the recent announcement of DLP availability in Office 365 the white paper piqued my interest.
What I thought was interesting, was to protect data you first must know where users have stored it, not too much of a brain tease. With toxic data, the security professional may not know where the sensitive data is stored, therefore struggles with deploying the technology to protect the organization. Of course, Forrester recommended strong policies.
What was the key nugget I thought, was developing a life-cycle approach that continuously discovers data as users create it throughout the enterprise. The issue here, is how do you instill appropriate guardianship in the end users to be cognizant of security violations when they are storing data on laptops, mobile devices, external drives, and the list goes on and on.
This is a strong argument for auto-classification tools that are capable of identifying potential sensitive or confidential content, regardless of where it resides. 100% fool-proof, of course not, but it can achieve a significant reduction in time to find all potential toxic data and most importantly, reduces organizational risk.
Do you use DLP technology? If you are using Office 365 or thinking about it, do you think automatic identification and auto-classification for toxic data? WDYT?