Blog post

My Second DLP Paper Publishes

By Anton Chuvakin | April 18, 2013 | 0 Comments

securityDLPdata

My second paper (out of 2) on Data Loss Prevention (DLP) just went up – enjoy “Enterprise Content-Aware DLP Solution Comparison and Select Vendor Profiles.” Meant to be read together with the first paper (“Enterprise Content-Aware DLP Architecture and Operational Practices”),  it focuses on the state of Data Loss Prevention technology, functional capabilities, DLP use cases, future DLP trends, risks of DLP,  profiles of five DLP vendors, etc.

Quick summary: “Content-aware data loss prevention has grown up and is on the verge of becoming a standard part of security architecture. A small set of vendors dominate a majority of enterprise DLP deployments. Challenges remain with planning, deployments and operations of large-scale DLP implementations.”

A few highlights from a 70 page document:

  • “DLP use for regulated data protection, in general, is simpler than its use for corporate secrets and intellectual property because regulated data is ultimately the same for every organization that is covered by a particular regulation.”
  • “DLP represents a different model for information security: information-centric security. Unlike other controls that operate based on context and metadata, DLP policies apply to the content itself. This presents a surprisingly difficult shift for many organizations.”
  • “DLP duality — as an enforcement and education technology — reflects the deeper truth behind DLP: Both automation (that is, blocking and encryption) and education are mandatory for data security program success.”
  • “As with many other security controls, content-aware DLP may bring additional risks to an organization.”
  • “Gartner research consistently demonstrates that organizations procure much more DLP functionality than they can absorb and have deployed.”
  • “DLP vendors are working on data security controls for emerging IT models. However, it appears that IT delivery models are evolving faster than DLP tools.”

P.S. If you think 70 pages is too long, the paper can definitely be read piece by piece (e.g. check out sections like “Customer Perspectives”, “Forces Shaping the DLP of the Future”, “Use-Case Comparison” and others)

Enjoy the paper! (sorry, Gartner GTP subscriber access only)

Somewhat related content:

Comments are closed