Analyzing network structure
To best employ Forcepoint DLP:
- Analyze your network structure.
- Determine the location of confidential information.
- Note which documents need to be protected and where they are located.
- Determine whether changes to the network directory structure are needed to group documents differently for security purposes.
In most organizations, user rights have been determined and built into the network directory structure. The existing configuration may be fine as it is. On the other hand, internal network definitions may need to change to accommodate current, higher security needs.
Structural guidelines
It is possible to configure the system so that a particular user cannot access specified documents through the network, but can receive them by email. For example, a manager would not want employees to access documents in his or her personal folder, but would want to be able to send the documents to them by email. It is therefore important to perform this analysis with a network administrator, so that changes are implemented in a smooth, logical fashion.
Typically, network directories are organized functionally, according to the different business units in the company. Within this structure, functional groups are usually entitled to look at documents within their business unit.
The recommended process is:
- Take a network map of all the directories, and look at how the network access is organized.
- Determine what types of classified documents the organization has, and where they are located.
- Determine whether documents of similar confidentiality are together in similar directories.
- Organize/group information that is critical to the organization and information whose security is legally mandated.
For example, financial institutions may start by considering customer data (such as Social Security numbers or account numbers) and highly confidential business information.
- Organize/group important proprietary and confidential information with medium or low change-frequency
- Arrange all major information assets so that data locations, relationships, and security-value hierarchies are well understood.
- Organize/group information that is critical to the organization and information whose security is legally mandated.
The result of this analysis should be a table identifying the directories in the network that need to be protected, indicating what types of users should be able to receive those files. This should provide insight into access issues.
It may be desirable to rearrange some areas of network access, and set the data security accordingly. See below for recommended procedures.