On DLP Research
by Anton Chuvakin | October 19, 2012 | 2 Comments
It so happens that I will focus on Data Loss Prevention (DLP) this quarter, and it will be added to my coverage areas (which are, as a reminder, SIEM, vulnerability management, denial of service defense and, of course, PCI DSS compliance). While I am not exactly a novice in DLP, I need to dig MUCH deeper in order to create GTP-style research on the subject. For now, let me present a few quotes on DLP from other research that really impressed me (all italics below are mine):
- “Do not implement DLP with all implementation and operational responsibilities solely allocated to IT. If the lines of business do not actively support the project — for example, by assisting in the development of processes and committing to resource requirements to meet their responsibilities — then consider ceasing the project.” (http://www.gartner.com/resId=1925115)
- “Most organizations buy significantly more content-aware DLP than they use, resulting in shelfware at significant costs.” (http://www.gartner.com/resId=1433239)
- “DLP is a nontransparent control, which means it is intentionally visible to an end user with a primary value proposition of changing user behavior. This is very different from transparent controls like firewalls and antivirus programs, which are unseen by end users. Nontransparent controls represent a cultural shift for many organizations” (http://www.gartner.com/resId=1421941)
- “Content-aware DLP should not be considered as a method of managing IT-related risk (that is, fundamentally a technology risk), but rather as a comprehensive, organizationwide means of controlling and mitigating information risk (that is, a business risk).” (http://www.gartner.com/resId=1925115)
So, here is my next call to action:
- Vendors with DLP tools, got anything to say about it? Here is a briefing link … you know what to do.
- Enterprises, got a DLP story – either about DLP deployment or operations – to share? Hit the comments or email me privately (Gartner client NDA will cover it, if you are a client).
- DLP-focused consultants, got a DLP story (“inspired by” your recent project) to share? I’d love to hear it as well!
And, yes, watch this space for more questions and comments, as I delve deeper into DLP architecture and operational practices.
Somewhat related posts:
Additional Resources
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.
Read Free Gartner Research
Category: dlp security
Tags: data-security dlp security
Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry
Thoughts on On DLP Research
Comments are closed
Who's Blogging
- Robert Hetu
- Lizzy Foo
- Andrew White
- Daniel Sanchezreina
- Debbie Wilson
- Marco Meinardi
- Mark Mcdonald
- Vivek Swaminathan
- John Wheeler
- Craig Roth
- Simon Walker
- Bill Ray
- Avivah Litan
- Nicole Greene
- Tony Iams
- Jitendra Subramanyam
- Hank Barnes
- Scot Kim
- Mark Diodati
- Julian Poulter
- Jane Anne
- Rene Buest
- Rajesh Kandaswamy
- Samantha Searle
- Cassandra Nordlund
- Olive Huang
- Leah Reidy
- Dave Egloff
- Sally Witzky
- Anthony Bradley
- Steve Rietberg
- Marty Resnick
- Stephen White
- Kristina Laroccacerrone
- Ray Pun
- Jennifer Polk
- Emily Moquin
- Jason Mcnellis
- Jay Wilson
- Rick Franzosa
- Frances Russell
- Augusto Barros
- Jason Wong
- Marko Sillanpaa
- Augie Ray
- David Furlonger
- Christophe Uzureau
- Rick Lafond
- Danielle Henneberger
- Eric Schmitt
About
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
[…] Anton Chuvakin is a research director at Gartner's IT1 Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio Coverage Areas: ← On DLP Research […]
[…] On DLP Research […]