Data Loss Prevention Seeks to Define Itself and Find Its Niche

Carl Weinschenk

Data loss prevention (DLP) is one of the better category names simply because it does such a good job of describing what the technology is meant to do. The current dynamic in the sector is well framed in this InfoWorld story. The first-generation DLP products didn't get wide deployment and the future direction of the technology is still a bit unclear.


The piece says the initial versions of DLP tried to guard everything in the messaging path from soup (the network) to nuts (the end points). The problem, experts say, is that such an ambitious approach is complex and costly and, for this reason, hasn't taken hold.


The disagreement is, naturally, about what comes next. Some experts think that adequate tools are available in messaging gateways to fulfill the DLP mandate. This is wishful thinking to others, who maintain that "DLP Lite," as one expert called it, can take care of the fundamental issues but that more comprehensive systems are necessary to meet the full challenge.


This Help Net Security piece almost serves as a bookend to the InfoWorld feature. Indeed, the writer -- a Symantec executive -- is quoted in the earlier piece. The writer says DLP does three things: It performs "deep content inspection," it automatically protects data in endpoints, networks and storage, and it alerts those in charge when something is amiss. In the future, DLP will be available both as standalone systems and as integrated elements of larger security suites.


Regardless of debates over precise definitions, DLP is an important topic. Verizon Business this week said it is expanding its security portfolio by offering outsourced DLP services. To date, the company has provided on-site DLP implementations. In addition, NextLabs released Enterprise DLP 3.0, and EMC's RSA division and Cisco announced a partnership. Under the agreement, RSA's DLP products will be integrated into Cisco's security tools.


One of the key problems created by the modern world of everywhere access is that security technologies overlap in a sometimes confusing manner. Network World looks at the relationship between identity monitoring and DLP. Identity monitoring, the story says, focuses on correlating information from identity management systems with other user information and integrating the product of that process with the activities a person actually performs. The writer refines this conceptual description.


The role played by DLP, the writer says, is to identify, for the identity management system, data that is likely sensitive. That system, based on other information about the user, decides whether any particular activity is a cause for alarm. This is all very complex, and suggests that systems in which these closely related processes and procedures are integrated from the ground up make the most sense.


Another potential problem in using a phrase such as data loss prevention as a category designation is that it can be unclear whether a commentator is referring to a specific class of software and hardware or using the phrase as a more general description. It's a bit unclear which is meant in this North Star Networks piece. Regardless, the writer provides a good list of five things that a company's DLP system should do: protect all information no matter where it is; monitor all data usage and prevent data from leaving the network; detail all security breaches; automate policy enforcement; and control encrypted data.
