Your DLP Implementation is Incomplete without Automated Incident Remediation
By Arvind Mehrotra, Advisor Cybersecurity - VidyaTech, and Krishna K Bhardwaj, CEO - VidyaTech
*Appropriate Incident Remediation processes and reporting on them are a must-have for a DLP implementation.
DLP customers vary in maturity depending upon how long they have had the DLP solution and whether they have evolved and improved policies and processes around resolving and closing DLP incidents. These are typically manual processes in most organizations.
Even in an organization with mature DLP Incident Remediation, whenever there is a surge of DLP incidents, incident management and response naturally slow down, leading to greater security exposure and temporary non-compliance. If the wave continues for extended periods, severe security exposure and compliance issues can threaten the business and cause nonconformities that are bound to crop up in compliance audits.
Sometimes organizations feel that too much effort is consumed in DLP incident remediation, and setting up large teams is not an option. Statutory documentation and reporting for audits also consume a large amount of effort. Sometimes, when the same resources are assigned to both remediation and audit documentation, they prioritize the former for obvious reasons. A sustained high level of incidents then causes deeply unsatisfying audits that cast blame on the team for letting incidents through the cracks, inappropriate resolution, or poor documentation. In all these cases, audits consume a lot of the organization's energy, both physical and emotional.
When the business is not involved consistently in the remediation of DLP incidents relevant to them, they might view their role in the resolution of incidents as peripheral and not critical. They have other priorities, which can force them to view the incidents as a problem for the “security team” to handle. This can lead to delays in stakeholder responses and approvals, and in turn to SLA slippage; incidents don’t resolve on time and sometimes deepen the security exposure in the interim. In addition, stakeholders often request various reports on DLP incidents, sometimes on an immediate basis, which can delay incident remediation and documentation. Ultimately, if these factors combine at a specific time, there can be a serious risk of incidents remaining unresolved for long periods, defeating the very purpose of a DLP solution.
Customers are now looking for automated incident remediation. Such automation must build in collaboration with the business. Documentation should ideally be automated so that there is no additional effort for compliance audits, and to drive action efficiency. Similarly, a variety of stakeholder reports should be automated so that they can be generated whenever they are requested. Finally, a combined dashboard must present a unified and coherent picture of data loss incidents in the organization for whomever it may concern.
Therefore, we now have specifics of an automated workflow solution that DLP Incident Remediation sorely needs. Unfortunately, no single DLP solution vendor provides this. As a group, they probably have much more important fish to fry than providing these automated workflows, especially those that work with their competitors’ products.
Your DLP Implementation is incomplete without Automated Incident Remediation.
*Note: For details, please read “Your DLP Implementation is incomplete without “Proper” Incident Remediation.”