As an analyst, I’ve been covering DLP since before there was anything called DLP. I like to joke that I’ve talked with more people that have evaluated and deployed DLP than anyone else on the face of the planet. Yes, it’s exactly as exciting as it sounds.
But all those references were fairly self-selected. They’ve either been Gartner clients, or our current enterprise clients, that were/are typically looking for help in product selection or dealing with some sort of problem. Many of the rest are vendor-supplied references. This combination skews the conversations towards people picking products, people with problems, or those a vendor think will make them look good.
I’m currently working on an article for Information Security magazine on “Real-World DLP”, and I’m hunting for some new references to expand that field a bit. If you are using DLP, successfully or not, and are willing to talk confidentially, please drop me a line. I’m looking for real-world stories, good and bad. If you are willing to go on the record, we’re also looking for good quote sources. The focus of the article is more on implementation than selection, and will be vendor-neutral.
To be honest, one reason I’m putting this out in the open is to see if my normal reference channels are skewed. It’s time to see how our current positions and assumptions play out on the mean streets of reality.
Of course I’ll be totally pissed if I’ve been wrong this entire time and have to retract everything I’ve ever written on DLP.
**Update – Oh yeah, my email address is rmogull, that is with two ‘L’s, at securosis dot com. Please let me know.