f purchasing DLP systems maintenance services, which allows saving on several parameters at once: the initial costs of purchasing the system, the costs of purchasing the equipment necessary for its installation, and, of course, saving on human resources to work with the system.
In essence, such a service will operate in a mode similar to the SOC format, since the company that takes on full-scale technical support not only of the system itself, but also of the infrastructure is designed to provide all the life of the DLP system, and the customer will receive only the results of already processed events and decide to conduct an internal investigation into a specific employee offending.
What to work with
Before launching the DLP system into commercial operation, we are obliged to determine what information in the company is confidential, and record this in internal regulatory documents, if this has not been done before.
Then it is necessary to form a package of documents related to the so-called legalization of the system in the company, since we all understand that without the adoption of binding documents, it will be difficult for us to hold employees accountable in the event of an incident.
Moreover, consulting (or, rather, legal) support is required not only at the beginning of the journey, but at all its stages. If we nevertheless decide to go all the way and sue the employee or go to law enforcement agencies, we will also need to correctly draw up documents and subsequently represent the company's interests in these bodies.
So, in fact, we need support in several areas at once: technical, analytical, legal. Without any of these areas, the system will either not work at all, or it will be ineffective for us. It turns out that an outsourcing company that provides DLP support services should be ready to provide work in all of these areas.
DLP consumption patterns
So far, not all business leaders in Russia are ready to switch to DLP outsourcing: it is difficult psychologically. Nevertheless, the demand for such services will grow, since the savings in this case are obvious.
I would like to separately note that Russian DLP manufacturers today provide their customers with the opportunity to purchase systems using flexible financial models - up to installments. This is likely to be a breakthrough in the well-established DLP market.
Not all manufacturers are ready to change the sales scheme that has been worked out over the years, but the interest is undoubted and there are those who are ready to work with outsourcing companies or service providers according to the new scheme. This approach will help the joint efforts of vendors and outsourcing companies to offer full-fledged services, including those operating in the SOC format. Over time, this will get rid of the negativity shown by many companies to DLP systems due to the complexity of their installation and further operation.
This trend will also allow changing the general attitude towards information security, which is still trying to perceive not as a permanent process with an integrated approach, but as isolated actions that usually begin to be taken only in the event of a serious incident that already has certain consequences.
Service Provider Disclosure Risks
When working with their customers, Softline experts often have to answer the question of how great are the risks of information leakage through a service provider. Outsourcing DLP maintenance can be psychologically difficult, and many people prefer to outsource this functionality to employees within the state.
Legally, this gives very weak protection, since even the obligations of the employee prescribed in the employment contract will not give one hundred percent guarantee that he will not allow the disclosure of information entrusted to him. Moreover, the employment contract is designed to protect the employee - and for a civil law contract that you sign with a service provider, both parties are equal in their rights and can fix conditions favorable to everyone (fines, penalties, etc.).
If a full-time employee is involved in DLP maintenance, it is important that the company has a full package of regulations that govern information confidentiality issues. The court will reject any claims against the employee if it turns out that he has violated a rule, the existence of which he knew only in words.
The outsourcing company is a priori not interested in admitting such violations due to the fact that the services provided to the customer are the essence of its business; a serious organization cares very much about its reputation in the market. Large providers go to great lengths to check the reliability of hired employees and their subsequent monitoring. These measures, as a rule, are much more serious than those that a business takes at its level.
You should always pay attention to the reputation of the outsourcing company, the history of its relationships with customers, their duration. Ultimately, this will determine the reliability of the company offering you services - especially since the information security market in Russia remains very narrow in terms of the number of specialized companies and the people working in them, which means that you can always make inquiries and get the maximum benefit with minimal risks.
Conclusions
This year has shown that you need to be ready for anything, and forgetting about safety is usually always more expensive than spending money and time on ensuring it. Over the next year, we will certainly observe a tendency towards a change in the nature of the services offered and their sales schemes in order to form profitable and useful offers for customers. Practice shows that often it is the service consumption of information security that makes it possible to achieve the highest results, especially in the case of working on the development and maintenance of such complex systems as SOC and DLP. Large service providers have accumulated sufficient experience to deeply understand the customer's business processes and approach protection against internal and external risks as efficiently and delicately as possible.
Source: https://www.anti-malware.ru/analytics/Technology_Analysis/DLP-as-a-core-of-SOC