In our last post we detailed content protection requirements, so now it’s time to close out our discussion of technical requirements with infrastructure integration.
To work properly, all DLP tools need some degree of integration with your existing infrastructure. The most common integration points are:
- Directory servers to determine users and build user, role, and business unit policies. At minimum, you need to know who to investigate when you receive an alert.
- DHCP servers so you can correlate IP addresses with users. You don’t need this if all you are looking at is email or endpoints, but for any other network monitoring it’s critical.
- SMTP gateway: this can be as simple as adding your DLP tool as another hop in the MTA chain, but could also be more involved.
- Perimeter router/firewall: for passive network monitoring you need someplace to position the DLP sensor – typically a SPAN or mirror port, as we discussed earlier.
- Web gateway: will probably integrate with your DLP system if you want to filter web traffic with DLP policies. If you want to monitor SSL traffic (you do!), you’ll need to integrate with something capable of serving as a reverse proxy (man in the middle).
- Storage platforms to install client software to integrate with your storage repositories, rather than relying purely on remote network/file share scanning.
- Endpoint platforms must be compatible to accept the endpoint DLP agent. You may also want to use an existing software distribution tool to deploy it.
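To make the DHCP and directory items above concrete, here is an added example (not from the original post or any DLP product) that attributes a network alert to a host and user by finding the lease that covered the source IP at the alert time. The lease log layout, hostnames, and the `DIRECTORY` mapping are constructed assumptions, and all timestamps are assumed to share one timezone.

```python
import csv
import io
from datetime import datetime

# Constructed sample data: lease start, lease end, IP, MAC, hostname.
# This layout is an assumption for the example, not a DHCP server's native format.
LEASE_LOG = """\
2024-03-04T08:00:00,2024-03-04T12:00:00,10.0.5.23,aa:bb:cc:00:00:01,LT-ALICE
2024-03-04T12:30:00,2024-03-04T16:30:00,10.0.5.23,aa:bb:cc:00:00:02,LT-BOB
2024-03-04T09:00:00,2024-03-04T17:00:00,10.0.5.40,aa:bb:cc:00:00:03,LT-CAROL
"""

# Constructed stand-in for a directory lookup (hostname -> assigned user).
DIRECTORY = {"LT-ALICE": "alice", "LT-BOB": "bob"}


def load_leases(text):
    """Parse lease rows into dicts with datetime bounds."""
    leases = []
    for start, end, ip, mac, host in csv.reader(io.StringIO(text)):
        leases.append({
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end),
            "ip": ip, "mac": mac, "host": host,
        })
    return leases


def attribute_alert(leases, directory, src_ip, seen_at):
    """Return (host, user) holding src_ip at seen_at, or (None, None)."""
    when = datetime.fromisoformat(seen_at)
    for lease in leases:
        # Match on IP *and* time window: the same address is reused across leases.
        if lease["ip"] == src_ip and lease["start"] <= when < lease["end"]:
            # Host known to DHCP but absent from the directory -> user is None.
            return lease["host"], directory.get(lease["host"])
    return None, None


if __name__ == "__main__":
    leases = load_leases(LEASE_LOG)
    for ip, ts in [("10.0.5.23", "2024-03-04T10:15:00"),   # first lease holder
                   ("10.0.5.23", "2024-03-04T14:00:00"),   # same IP, later holder
                   ("10.0.5.23", "2024-03-04T12:10:00"),   # gap between leases
                   ("10.0.5.40", "2024-03-04T11:00:00")]:  # host not in directory
        print(ip, ts, attribute_alert(leases, DIRECTORY, ip, ts))
```

The gap and missing-directory cases are the ones to plan for: an alert that resolves to no lease or no user still needs an investigation path.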
I don’t mean to make this sound overly complex – many DLP deployments only integrate with a few of these infrastructure components, or the functionality is included within the DLP product. Integration might be as simple as dropping a DLP server on a SPAN port, pointing it at your directory server, and adding it into the email MTA chain. But for developing requirements, it’s better to over-plan than miss a crucial piece that blocks expansion later.
Finally, if you plan on deploying any database- or document-based policies, fill out the storage section of the table. Even if you don’t plan to scan your storage repositories, you’ll be using them to build partial document matching and database fingerprinting policies.