In the previous couple of weeks I’ve talked with a number of prospects about their knowledge loss prevention initiatives. It appears that evidently many of the applications are targeted on inadvertent knowledge loss. These are points comparable to workers sending spreadsheets with PII knowledge to their Gmail account to allow them to be productive at house (a VPN is such a trouble). One other instance is much more primary – sending e-mail with PII knowledge within the clear to enterprise associates.
What I’ve heard from prospects is that they’re deploying DLP programs from firms like Symantec (Vontu), EMC/RSA (Tablus) and Intel/McAfee (Reconnex) to unravel these issues. It strikes me that these programs are costly (each from an acquisition and operational standpoint) and heavyweight options to an issue that could be higher addressed via further funding in safety consciousness coaching.
The opposite challenge I’ve is that it appears most of those programs have been deployed for compliance functions, in hopes that they’ll assist meet some regulatory standards (take a look at the cash we’re spending, we should be addressing the issue). But, most frequently there may be not sufficient planning being achieved across the supporting workflow and safety processes. Consequently, these programs have a tendency to deal with a reasonably slim info safety requirement and lack integration with different safety programs and processes. One has to surprise why DLP is not extra tightly built-in with rights administration programs, SEIM, identification and entry administration programs…even GRC.
However the actual downside, as I see it, is that the DLP vendor neighborhood hasn’t addressed crucial areas. Whereas the variety of incidents related to inadvertent PII knowledge loss is excessive, the greenback worth is not that vital. The larger downside is related to malicious insiders and expert assault groups (that appear to be malicious insiders provided that they’ll compromise customers and steal credentials). The amount of incidents on this area is low, however the greenback worth impression could be very excessive. To handle this downside requires an funding in safety processes and expert folks.