Classifying data is often seen as a formidable challenge in DLP. A simple, scalable approach is to classify by context; associating a classification with the source application, data store, or user who created the data. Applying persistent classification tags to the data allows organizations to track its use.
For data distributed to user devices, or shared with partners, customers and the supply chain, different risks are present. In these cases, the data is often at highest risk at the moment of use on endpoints.
Once an organization understands the circumstances under which data is moved, user training can often mitigate the risk of accidental data loss by insiders. Employees often don’t recognize that their actions can result in data loss, and will self-correct when educated. A successful pilot will also provide lessons for expanding the program. Over time, a larger percentage of your sensitive information will be included, with minimal disruption to business processes.