Just program your IPS to look for credit card numbers (or similarly sensitive data) and presto, you now have content-aware DLP (well, a tiny piece of it at least). I’ve got vendors of antivirus solutions for SharePoint that can perform general expression pattern matching while they crawl the SharePoint content repository doing DLP. Seems everything is DLP nowadays.
My colleague Greg Young has written a clever series of blogs on classic vendor mistakes. This one resonated with me:
“Saying your product is in X market because X is currently ‘cool’.”
DLP is hot. It’s one of the top five IT security spending areas I see in 2010. The problem is, much of what we do in information security is ultimately directed at stopping the loss of sensitive data. So almost everything we do is a form of DLP in one way or another. So whether or not a vendor provides a DLP solution depends on how you define DLP.
Rather than rely on the vendor’s definition, turn the tables: whether or not you need a DLP solution depends on what your data protection needs are – and data protection is not a product, it’s a process.
Data protection is the process of identifying and understanding where and how sensitive information is created, consumed, processed, moved, shared, stored and retired and protecting it throughout this lifecycle.
There are a myriad of security controls and policy enforcement points that map to this process: full drive encryption, file/folder encryption, content monitoring and filtering at email and web security gateways, application-level encryption, end-user activity monitoring, sensitive data discovery tools, digital rights management, … and, yes, sure (why not?) – even an IPS or AV scanner that is programmed to look for sensitive data.
If you’ve budgeted for a DLP product in 2010, take a step back and look at the process, then decide which controls take priority in 2010. Don’t let a vendor take your money just because they position themselves as a DLP vendor. That can mean just about anything.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.