Back when I started Securosis my first white paper was Understanding and Selecting a DLP Solution. It has been downloaded many thousands of times (about 400 times a month for the first couple years), and I still see it showing up all the time when I talk with clients. (Some people call it the DLP Bible, but if I said that it would be really pretentious.) Although the paper is still accurate, it’s time for an update.
Over the next month I’ll be putting together the new revision of the paper and I want to make sure it reflects what you all need.
My plans right now are to:
- Update the technology details. While there haven’t been any major shifts, we’ve definitely seen some useful new features and functions to consider when looking for a tool.
- Update the section on DLP as a Feature. The current paper focuses almost completely on full-suite solutions. While that’s still the option I usually recommend, I know some of you are only looking for coverage in a particular area. I plan to add a new section so you understand how the single channel or DLP features of other security tools work.
- Update the selection process. This is where I plan on putting most of my effort… I’ll be creating a decision tree to help you prioritize your process. This section will also be released as a worksheet you can use during your selection process. It won’t name solutions, but will walk you through and help you figure out your priorities and how those translate to technology decisions.
- Prettier pictures.
But these are just my early ideas. If you have anything specific you want covered, feedback on the first version of the paper, or any other feedback on DLP, please let me know. You can drop it in the comments here or email me directly at rmogull@securosis.com.
Also, although I’ll still follow our Totally Transparent Research process, it doesn’t make sense to post copy edits and tweaks as blog posts. I’ll post new sections and some major edits, but you’ll have to read the paper for the rest.
7 Replies to “Have DLP Questions or Feedback? Want Free Answers?”
With regard to the selection process I would be interested to know what options are available to those for a variety of reasons don
I’d love to see more coverage on the ‘Feature’ options. How many outbound email filters make practical “mini-DLP” sensors? Can I use my IDS/IPS in similar fashion? And if I go this route, implementing feature-level capabilities on this pizza-box and that one, how do I manage and REPORT on the efficacy of my ‘solution’?
Sure, I’m @chort0 on Twitter (Mike knows me). Can’t be in the next couple of hours though, prep’ing for a meeting.
—
bk
The first part doesn’t totally align with what I’ve been hearing, but agree totally on the second.
Although I disagree on the too-big conclusion. Any chance you’d be willing to hop on the phone at some point to discuss more?
OK, you’re right, that was unfair to pin it all on vendor complexity. I see two things:
Vendor issue:
– Tools are complex, difficult to understand
– A lot of the (looks-good-on-paper) gee-whiz features don’t work outside of a lab
Customer issue:
– Unable to classify data
– Can’t figure out who’s responsible for deploying/maintaining solution (very broad, touches so many teams/divisions)
– Can’t figure out what traffic to look at
So most of the time everything sits in the box while they tinker with a lab deployment for months and months. When I have seen them in production, it’s with a very small sub-set of features that the customer originally envisioned deploying.
My sample size is small (only a few dozen), but it seems like one of those technologies that spawns projects that are too-big-to-succeed.
—
bk
Good one. Full suite? No- most do not deploy all the options in the first 2 years. But I haven’t been hearing it’s the complexity of the tool… more business process issues and such.
I’ve seen some, but most larger orgs are very risk averse and take it very slow. I will try and look at the data security survey responses and I might be able to pull some actual numbers from there.
Have you actually seen a high percentage of enterprises doing successful DLP implementations within a year of purchasing a full-suite solution? Most of the businesses I’ve seen purchase the Symantec/RSA/etc products haven’t even implemented them 2 years later because of the overwhelming complexity.
—
bk