
DLP Adoption – Best Practices for Email

Understanding DLP Deployments for Email – Why focus on Email? Because it is the Most Likely Vector of Leakage


Enterprises today need to not only understand how Data Leak Prevention (DLP) impacts their organization, but also need to be aware of DLP specifically as it relates to email. In this column, I’ve provided best practices for DLP adoption, focusing on email as it’s the most likely vector of leakage, and also looking at DLP in the cloud.

Implementing DLP for Email

DLP solutions are best categorized into two general classes: enterprise DLP (E-DLP) and single-channel DLP (C-DLP). The two categories are distinguished by the scope of the solution and the clientele. E-DLP covers the full spectrum of data protection: data at rest, data in motion, and endpoint security. C-DLP, by contrast, covers a narrowly defined source of risk, such as email. E-DLP is complex, expensive to deploy, and most likely to be deployed in large regulated enterprises and those firms with secrets to protect. C-DLP is much less costly to deploy and focused on a specific problem, such as personally identifiable information (PII) in email or Web traffic.

DLP deployments are typically initiated to defend against the accidental disclosure of data. Most enterprises do not have the data protection posture of an intelligence agency, with compartmentalization of data access and restrictions on sharing data. Such a posture would inhibit productivity and innovation. Instead, the danger is that someone accidentally or inadvertently releases data in a way that has financial and reputational repercussions. For example, someone emails to her home email account a spreadsheet containing PII, which, because the ISP is considered a public network, triggers a reporting event under privacy laws. Gartner estimates that 60% of data leakages occur as a result of negligence, not nefarious intent.

Special Attention to Email

Why focus on email? Because it is the most likely vector of leakage, followed by Web 2.0 (social media and Webmail), instant messaging, and removable media. In the case of email, C-DLP solutions offer advantages over E-DLP solutions. Because C-DLP solutions are tailored to a specific method of egress, they offer greater policy control and flexibility in the actions that they are able to take on a potential incident. For example, an E-DLP solution may be able to monitor email traffic and block or quarantine email messages, but it often does not have the intelligence and functionality to modify parts of a message or perform encryption functions.

When choosing to deploy a C-DLP solution for email, it is important to look for a solution that can be implemented on existing policy and routing infrastructure. This enables much finer control over email monitoring and policy enforcement, since the reliable routing infrastructure already sits in-line managing real-time email traffic. This type of architecture also reduces the risk of email messages getting lost or causing an interruption in message delivery, as can happen with solutions that act as proxy servers. All E-DLP solutions today are implemented on a proxy technology for in-line enforcement, which has limited the solutions primarily to monitoring, not enforcement.
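
The following added Python example, which is not from the column or from any DLP product, shows the kind of per-message policy decision described above: deliver, quarantine, or modify part of a message and hand it to encryption. The domain names, the detection patterns, and the order of the policy rules are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"corp.example"}   # assumption: the organization's own mail domain
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")         # US SSN layout
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")     # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that are not payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    return [m.group() for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]

def evaluate(raw):
    """Return (action, body) for one outbound message (hypothetical policy)."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [addr for _, addr in rcpts
                if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS]
    body = msg.get_payload()
    if not external:
        return "deliver", body               # stays on the internal backbone
    cards = find_cards(body)
    for card in cards:                       # modify only the sensitive part
        body = body.replace(card, "[CARD NUMBER REMOVED]")
    if SSN_RE.search(body):
        return "quarantine", body            # hold for review
    if cards:
        return "encrypt", body               # redacted copy goes to the encryption step
    return "deliver", body

# Constructed sample messages (not real data; 4111... is a well-known test number).
HOME = "From: a@corp.example\nTo: a.home@isp.example\n\nPayroll: 123-45-6789\n"
CARD = "From: a@corp.example\nTo: v@vendor.example\n\nCard 4111 1111 1111 1111 exp 01/30\n"
PEER = "From: a@corp.example\nTo: b@corp.example\n\nPayroll: 123-45-6789\n"

if __name__ == "__main__":
    for sample in (HOME, CARD, PEER):
        print(evaluate(sample)[0])
```

The Luhn check is what keeps order numbers and other long digit runs from being treated as card numbers, which matters when the action taken is to rewrite the message.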

DLP in the Cloud


Cloud-based email solutions pose a challenge. For Internet collaboration and email services like Microsoft Office 365 and Google Gmail, it is difficult to put effective DLP monitoring or enforcement into these environments, because the organization does not own the infrastructure. In some instances, monitoring of the traffic from within the organization to the cloud-based service is possible; however, in order to effectively implement policy controls that include encryption actions, it is likely that email traffic will have to be back-hauled to an on-premises email backbone where the DLP functionality resides. In that instance, a C-DLP solution may be the best option. It provides the high-function policy controls needed, but at a lower cost to deploy than E-DLP solutions.

Increasingly, businesses are looking towards lowering costs while maintaining controls with virtualized data centers that permit moving resources from on-premises hardware to infrastructure-as-a-service providers. In those instances both E-DLP and C-DLP are easier to deploy because the company is still in control of the virtual machines that happen to be running on an external physical infrastructure. Virtualization opens up the possibility of deploying virtual appliance products for C-DLP which offer some of the most compelling total cost of ownership, relative to other solutions.


C-DLP should not be considered a poor man’s DLP or an inferior solution. It is a complementary solution to an E-DLP solution due to its often-greater policy enforcement mechanisms. Particularly in the case of messaging, C-DLP is able to provide integration with security solutions such as encryption that become part of an overall strategy for protecting PII and ensuring PCI compliance. C-DLP solutions complement a security strategy when moving to the cloud through the deployment of C-DLP in an on-premises email backbone. Virtual appliance products for C-DLP can provide the lowest total cost of ownership for implementing the policy controls for regulatory compliance when deploying a virtualized data center.
