KK Bhardwaj
3 min read · Mar 1, 2022

Your DLP Implementation is Incomplete without Automated Incident Remediation

To recap:

*Appropriate Incident Remediation processes, and reporting on them, are a must-have for a DLP implementation.

DLP customers vary in maturity depending upon how long they have had the DLP solution and whether they have evolved and improved policies and processes around resolving and closing DLP incidents. These are typically manual processes in most organizations.

Even in an organization with mature DLP Incident Remediation, whenever there is a surge of DLP incidents, incident management and response slow down, quite naturally, and this leads to greater security exposure and temporal non-compliance. If the surge continues for extended periods, serious security exposure and compliance issues can threaten the business and cause nonconformities that are bound to crop up in compliance audits.

Sometimes organizations feel that too much effort is consumed in DLP incident remediation and that even setting up large teams is of little avail. Statutory documentation and reporting for audits also end up consuming a large amount of effort, and sometimes, when the same resources are assigned to both remediation and audit documentation, they prioritize the former, for obvious reasons. A sustained high level of incidents then causes deeply unsatisfying audits that cast blame on the team for letting incidents slip through the cracks, for inappropriate resolution, or for poor documentation. In all these cases, audits end up consuming a lot of the organization's energy, both physical and emotional.

When the business is not involved consistently in remediating the DLP incidents relevant to it, business stakeholders might end up viewing their role in resolving incidents as peripheral rather than critical; they do have other priorities, and this can lead them to view the incidents as a problem for the “security team” to handle. This can delay stakeholder responses and approvals, which in turn leads to SLA slippage; incidents don’t resolve on time and sometimes deepen the security exposure in the interim. Stakeholders often request a variety of reports on DLP incidents, sometimes on an immediate basis, and this can delay incident remediation as well as documentation. Ultimately, if these factors combine at a specific time, there can be a serious risk of incidents remaining unresolved for long periods of time, which defeats the very purpose of having a DLP solution.

Customers are now looking for automated incident remediation. Such automation must build in collaboration with the business. Documentation should ideally be automated so that no additional effort is needed for compliance audits. Similarly, a variety of stakeholder reports should be automated so that they can be generated whenever they are requested. Finally, a combined dashboard must present a unified and coherent picture of data loss incidents in the organization for whomever it may concern.

Therefore, we now have the specifics of an automated workflow solution that DLP Incident Remediation sorely needs. No single DLP solution vendor really provides this and, as a group, they probably have much bigger fish to fry than providing these automated workflows, especially ones that work along with their competitors’ products.

Your DLP Implementation is incomplete without Automated Incident Remediation.

*Note: For details, please read “Your DLP Implementation is incomplete without “Proper” Incident Remediation”.