Blog post

On DLP Research

By Anton Chuvakin | October 19, 2012 | 0 Comments


It so happens that I will focus on Data Loss Prevention (DLP) this quarter, and it will be added to my coverage areas (which are, as a reminder, SIEM, vulnerability management, denial of service defense and, of course, PCI DSS compliance). While I am not exactly a novice in DLP, I need to dig MUCH deeper in order to create GTP-style research  on the subject. For now, let me present a few quotes on DLP from other research that really impressed me (all italics below are mine):

  • “Do not implement DLP with all implementation and operational responsibilities solely allocated to IT. If the lines of business do not actively support the project — for example, by assisting in the development of processes and committing to resource requirements to meet their responsibilities — then consider ceasing the project.” (
  • “Most organizations buy significantly more content-aware DLP than they use, resulting in shelfware at significant costs.” (
  • “DLP is a nontransparent control, which means it is intentionally visible to an end user with a primary value proposition of changing user behavior. This is very different from transparent controls like firewalls and antivirus programs, which are unseen by end users. Nontransparent controls represent a cultural shift for many organizations” (
  • “Content-aware DLP should not be considered as a method of managing IT-related risk (that is, fundamentally a technology risk), but rather as a comprehensive, organizationwide means of controlling and mitigating information risk (that is, a business risk).” (

So, here is my next call to action:

  • Vendors with DLP tools, got anything to say about it?  Here is a briefing link … you know what to do.
  • Enterprises, got a DLP story – either about DLP deployment or operations – to share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
  • DLP-focused consultants, got a DLP story (“inspired by” your recent project) to share? I’d love to hear it as well!

And, yes, watch this space for more questions and comments, as I delve deeper into DLP architecture and operational practices.

Somewhat related posts:

Comments are closed