Marc Luescher

Data Loss Prevention (DLP) with ESA 13.5.3-010

DLP for email is increasingly becoming a requirement in the healthcare sector. As part of our rollout we have been piloting with a fairly large pilot group of almost 1500 business and IT users. This is to gather experience about the functionality, the efficacy of detection, the rate of false positives and more.


My comments about the current functionality:


-The HIPAA rule cannot be fine-tuned. It's an out-of-the-box canned rule where you can only change the category (Low, Medium, High and Critical) based on the value. This is not granular enough to allow for company-specific needs where an identified medical term would be more important than a personal name. There are many identifiers and I think it is absolutely a must to be able to change the weighting of every single identifier. A combined new rule would also allow modifying every single identifier with additional criteria like prefix, weight and range.

-Passport number rule only triggers when additional context is added like a "c". Not sure who came up with that idea, but I would prefer more control as well as customizable prefixes.

-NPI National Partner Identifiers. Same as above, we need more granularity to be able to add prefixes and other detection schemes, including dictionaries with valid NPIs etc.

-Most of the DLP rules are not fully exposed, I assume due to licensing issues with Digital Guardian, the provider of the Cisco DLP engine, but this greatly reduces some of the usability of this otherwise very robust feature.
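
The per-identifier weight, prefix and validity checks asked for in the list above, sketched as an added example. It is not from the original post and does not reflect how the Cisco/Digital Guardian engine works internally. The rule names, weights, severity thresholds and sample text are constructed assumptions; the NPI check itself is the standard Luhn check digit computed over the 80840 prefix plus the 10-digit number.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

def npi_is_valid(npi: str) -> bool:
    """NPI check digit: Luhn over the 80840 prefix plus the 10 NPI digits."""
    digits = [int(c) for c in "80840" + npi]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Identifier:
    name: str
    pattern: str                            # regex capturing the raw value in group 1
    weight: int                             # per-identifier weight (assumed scale)
    prefix: Optional[str] = None            # context that must precede the value
    validator: Optional[Callable[[str], bool]] = None

# Constructed rule set: a medical term outweighs a personal name.
RULES = [
    Identifier("npi", r"\b(\d{10})\b", 40, prefix=r"NPI[:#\s]*", validator=npi_is_valid),
    Identifier("medical_term", r"\b(diagnosis|oncology|HIV)\b", 30),
    Identifier("personal_name", r"\b(Jane Doe)\b", 5),
]
# Assumed score floors for the four severity categories.
THRESHOLDS = [(70, "Critical"), (40, "High"), (20, "Medium"), (1, "Low")]

def classify(text: str, rules=RULES):
    """Return (score, severity, matched rule names) for one message body."""
    score, hits = 0, []
    for r in rules:
        regex = re.compile((r.prefix or "") + r.pattern, re.IGNORECASE)
        for m in regex.finditer(text):
            if r.validator and not r.validator(m.group(1)):
                continue                    # e.g. 10 digits that fail the NPI check digit
            score += r.weight
            hits.append(r.name)
    severity = next((label for floor, label in THRESHOLDS if score >= floor), None)
    return score, severity, hits

# Constructed sample message body.
SAMPLE = "Jane Doe, diagnosis attached. Provider NPI: 1234567893, ref 1234567890."
```

Requiring both the prefix and a valid check digit is what keeps arbitrary 10-digit strings (phone numbers, ticket references) from inflating the score and the false-positive rate.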


There are many more, but I just wanted to give you my initial thoughts. On the good side, email addresses assigned directly to a DLP policy have been case sensitive, meaning marc.luescher@gmail.com is not equal to Marc.Luescher@gmail.com. With the latest DLP engine update from June 2021 this limitation is finally gone.


More to come.
