SDLP offers a great amount of access to multiple channels in an easily configured interface for the raw collection and reporting of data.
This information is well formed through integration of AD, Custom Attributes, Access Controls and Historical Analysis.
In fact I quite like the system as it is. There is room for a great deal of improvement. But if nothing changed I would continue to recommend SDLP as a very positive part of a data protection and privacy practice.
I recommend the use of facets (time, entities, concepts, monetary, weights & measures) in policy definitions for indications to the reviewer and reports so that content-aware decisions can be made about data content and relationships.
Response rules can be effectively written and enforced especially within dynamic environments by labelling this sort of information.
Example in three easy steps:
- Create an AD directory of user names/groups as Data Identifiers (AB-CCCC/DD) or an EDM DB (when possible).
- Create Domain List definitions for trusted and untrusted (MAC Address, IP Range, NAS, SAN).
- Set Report Configuration for desired entities and let the fun begin.
From that moment, monitoring rules can be defined across multiple groups (partners, competitors and co-opetition) as normal traffic. Abnormalities can be more easily identified in a shorter amount of time and with a higher degree of accuracy by taking advantage of the data relationships that will certainly exist.
From there you can assess the common and uncommon access to sensitive information.
Nice way to begin an SDLP project.
Another step or phase is a closer look at the web archive. Great feature.