We’re going to be talking a lot about DLP content discovery this week. One interesting development over the past few years is the overlap of DLP, E-Discovery, and content classification tools. All three categories offer the ability to find and classify content, but they sell to different audiences for different purposes.

DLP content discovery currently has the most advanced analysis techniques, in large part because it is very focused on finding specific policy matches. It is a security-driven tool, with audit, legal, and compliance implications.

Electronic discovery (E-Discovery) is designed to provide investigators required evidence to support legal discovery. The tools tend to have more basic analysis techniques (often keyword based). They differ from many DLP tools in the nature of provided reports and how they manage the chain of evidence. We are starting to see DLP provide some of this functionality, or be used in conjunction with e-discovery tools, thanks to its more advanced content analysis.

Content classification tools are designed to support Information Lifecycle Management initiatives and are sold to storage teams. They are often high performing, but offer only basic content analysis techniques. Content classification tools are tasked with assigning a classification level to everything they touch, as opposed to finding policy violations.

Of the three, DLP content discovery tends to have superior content analysis techniques. At this point I recommend DLP to security/compliance/risk, content classification to storage, and e-discovery as needed for legal. Over time we expect to see consolidation and overlap between these categories, eventually merging into a single code base, but we will continue to see different “management lenses” to meet the needs of these different buying centers.

Technorati Tags: Content Discovery, Data Loss Prevention, Information Security, Information-centric security, E-Discovery, Security

Posted on April 15