As most of you have probably figured out by now I tend to expend a lot of hot air trying to define DLP/CMF/CMP (Data Loss Prevention, Content Monitoring and Filtering, or Content Monitoring and Protection). I often take vendors to task for abusing the terms, since they are just increasing market confusion.
As Rothman points out it won’t be me, or any particular vendor, that really defines DLP. Only the market defines the market, although some of us influential types occasionally get to nudge it in our preferred direction.
While I took Postini/Google to task for calling regular expressions on a single channel (email) DLP, the dirty little secret of DLP is that probably 80-90% of deployments today rely mostly, or totally, on regex for content analysis.
Barely anyone deploys the fancy advanced features that I spend so much time talking about, and that the vendors spend so much time developing. So why do I spend so much time fighting for the purity of DLP? It’s because most organizations, in the long run, will only get a fraction of the value of their investment in terms of risk reduction and operational efficiencies without us pushing the products forward with new features and more advanced analysis.
But if all you want to do is detect on credit card and Social Security Numbers, and you find that the false positives are manageable, something with a regex engine is probably good enough for you. At least for now.