ITS Partners Insights

SUCCESS STORY: Managing Data Loss Prevention

Written by Chad Dupin | June 2, 2017

Lots-To-Lose, Inc. didn’t see the ROI of DLP until they stopped managing it in-house.

Lots-To-Lose, Inc. implemented DLP but after 36 months they still had not been able to reach Level 1 on the DLP maturity scale. ITS was brought in to help and we found they were dealing with a surge of false positives, the incident queue was not getting attention, and they hadn’t figured out how to access meaningful reports that showed the value of the solution.

The key DLP problems we uncovered at Lots-To-Lose, Inc.

  • The team was bogged down in an endless surge of false positives.
  • The incident queue was no longer being reviewed regularly.
  • They lacked meaningful reports to demonstrate the value of the solution.

The main reasons why DLP was suffering at Lots-To-Lose, Inc.

  • They had a compliance checkbox mindset.
  • A plan was not in place to mature DLP over time.
  • DLP was treated as someone’s part-time job.
  • There was a lack of deep tool knowledge to make the most of the solution.
  • They lacked the knowledge to customize policies to fit the organization’s needs.
  • The processes and automation did not exist to efficiently manage DLP.

Lots-To-Lose, Inc. knew that data leaks can be costly.

A single breach could cost Lots-To-Lose, Inc. upwards of $5,000,000!  That includes not only the direct losses from the lost or stolen data, but the indirect expenses associated with regulatory compliance and preventative measures.  On top of all that, there would also be the immeasurable costs from the damage their brand and reputation would suffer.

How we knew DLP wasn’t maturing at Lots-To-Lose, Inc.

Endless surge of false positives.

False positives was the biggest problem at Lots-To-Lose. They were drowning in useless data because of a cacophony of alerts triggered by thousands of benign events.

DLP incidents were no longer being reviewed regularly.

When we assessed the DLP situation at Lots-To-Lose, Inc., we found a backlog of incidents that have not been opened or reviewed. This isn’t a surprise–the team didn’t have the right processes or diagnostics tools to review the alerts in an efficient way.

Lack of meaningful reports to prove DLP value and compliance.

Lots-to-Lose, Inc. had several suites of sensors that were scanning multiple aspects of their enterprise network–from servers to endpoints, and everything between.  All these sensors dropped their data into separate logs–all of which had their own interface.  A plethora of DLP data was being constantly gathered, but there was no intelligent tool to gather it, understand it, and generate meaningful reports with it. Without the knowledge of what metrics mattered or how to make the data accessible, no one was able to prove to the upper management that the DLP system was actually doing anything useful or generating any return on investment.

[row][column md="12"]
[rt_callout class="action-box" title="Download the full success story and learn about the 11 reasons why Lots To Lose, Inc. turned to ITS Managed Services to manage DLP." btn_class="btn btn-info btn-lg" btn_url="https://www.itsdelivers.com/wp-content/uploads/17-ITS-0023_Managing-Data-Loss-Prevention_2017-05-30.pdf" btn_name="Free Download"]
[/rt_callout]
[/column][/row]