by Anton Chuvakin | April 18, 2013 | Comments Off on My Second DLP Paper Publishes
My second paper (out of 2) on Data Loss Prevention (DLP) just went up – enjoy “Enterprise Content-Aware DLP Solution Comparison and Select Vendor Profiles.” Meant to be read together with the first paper (“Enterprise Content-Aware DLP Architecture and Operational Practices”), it focuses on the state of Data Loss Prevention technology, functional capabilities, DLP use cases, future DLP trends, risks of DLP, profiles of five DLP vendors, etc.
Quick summary: “Content-aware data loss prevention has grown up and is on the verge of becoming a standard part of security architecture. A small set of vendors dominate a majority of enterprise DLP deployments. Challenges remain with planning, deployments and operations of large-scale DLP implementations.”
A few highlights from a 70 page document:
- “DLP use for regulated data protection, in general, is simpler than its use for corporate secrets and intellectual property because regulated data is ultimately the same for every organization that is covered by a particular regulation.”
- “DLP represents a different model for information security: information-centric security. Unlike other controls that operate based on context and metadata, DLP policies apply to the content itself. This presents a surprisingly difficult shift for many organizations.”
- “DLP duality — as an enforcement and education technology — reflects the deeper truth behind DLP: Both automation (that is, blocking and encryption) and education are mandatory for data security program success.”
- “As with many other security controls, content-aware DLP may bring additional risks to an organization.”
- “Gartner research consistently demonstrates that organizations procure much more DLP functionality than they can absorb and have deployed.”
- “DLP vendors are working on data security controls for emerging IT models. However, it appears that IT delivery models are evolving faster than DLP tools.”
P.S. If you think 70 pages is too long, the paper can definitely be read piece by piece (e.g. check out sections like “Customer Perspectives”, “Forces Shaping the DLP of the Future”, “Use-Case Comparison” and others)
Somewhat related content:
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.