Anton Chuvakin

A member of the Gartner Blog Network

Anton Chuvakin
Research Director
1 year with Gartner
12 years IT industry

Anton Chuvakin is a research director at Gartner's IT1 Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist…


On DLP Research

by Anton Chuvakin  |  October 19, 2012  |  2 Comments

It so happens that I will focus on Data Loss Prevention (DLP) this quarter, and it will be added to my coverage areas (which are, as a reminder, SIEM, vulnerability management, denial of service defense and, of course, PCI DSS compliance). While I am not exactly a novice in DLP, I need to dig MUCH deeper in order to create GTP-style research on the subject. For now, let me present a few quotes on DLP from other research that really impressed me (all italics below are mine):

  • “Do not implement DLP with all implementation and operational responsibilities solely allocated to IT. If the lines of business do not actively support the project — for example, by assisting in the development of processes and committing to resource requirements to meet their responsibilities — then consider ceasing the project.” (http://www.gartner.com/resId=1925115)
  • “Most organizations buy significantly more content-aware DLP than they use, resulting in shelfware at significant costs.” (http://www.gartner.com/resId=1433239)
  • “DLP is a nontransparent control, which means it is intentionally visible to an end user with a primary value proposition of changing user behavior. This is very different from transparent controls like firewalls and antivirus programs, which are unseen by end users. Nontransparent controls represent a cultural shift for many organizations” (http://www.gartner.com/resId=1421941)
  • “Content-aware DLP should not be considered as a method of managing IT-related risk (that is, fundamentally a technology risk), but rather as a comprehensive, organizationwide means of controlling and mitigating information risk (that is, a business risk).” (http://www.gartner.com/resId=1925115)

So, here is my next call to action:

  • Vendors with DLP tools, got anything to say about it? Here is a briefing link … you know what to do.
  • Enterprises, got a DLP story – either about DLP deployment or operations – to share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
  • DLP-focused consultants, got a DLP story (“inspired by” your recent project) to share? I’d love to hear it as well!

And, yes, watch this space for more questions and comments, as I delve deeper into DLP architecture and operational practices.


Category: DLP security
