“Titanic” was a big ship (it also was compliant) and it was probably prestigious to be seen on its deck. However, if somebody were to tell you that it would sink soon, you would rapidly develop a need to part ways with it… Now I am NOT saying that the data loss prevention (DLP) market is the “Titanic” – far from it. Our market measurements, done elsewhere at Gartner, still show projected growth (although this states that “DLP segment growth rates have been reduced by 9.7% and 9.9% for 2014 and 2015, respectively” due to issues like “complexity in deploying companywide DLP initiatives, value proposition realization failures and high costs”).
Think about it! In some cases, the sequence of events is truly ridiculous and goes like this:
- DLP technology is purchased and deployed
- The organization is breached and data stolen
- Anti-data breach project is initiated.
Say what?! Has Anton lost his mind while vacationing in Siberia?
I assure you that this seemingly idiotic sequence of events is real at some organizations. At others, I observed that a project to “detect exfiltration”, “gain network visibility” or even directly “stop data losses” is initiated and DLP technology is not considered central to it or even involved. In essence, they do DLP without DLP! This seemingly caught some vendors between the desire to be present in the DLP market and the readiness to jump off (such as towards an adjacent market or even into the blue ocean of new market creation) upon seeing the first signs of an iceberg…
What does a DLP-less data loss project look like? As mentioned above, it may focus on exfiltration detection, network forensics/visibility (with focus on outbound data transfers) or other network-centric security analysis. Indeed, if Sony really did lose 11TB of valuable data, the challenge is not with fancy content inspection, but with basic network awareness. Even a good SIEM consuming outbound firewall logs and an analyst watching the console will be very useful for this and will allow one to detect massive data losses – and sometimes in time to stop the damage…
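The outbound-volume check described above, as an added example that is not part of the original post: it totals allowed bytes per internal host per day from constructed firewall records and flags a day that dwarfs the host's own earlier median. The log layout, the 10.0.0.0/8 internal range and both thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space
MIN_BYTES = 1_000_000_000   # assumed floor: ignore days under 1 GB outbound
RATIO = 10                  # assumed: flag at 10x the host's own median day

# Constructed sample records in a made-up key=value layout (not a vendor schema).
SAMPLE_LOG = """\
date=2015-01-05 src=10.1.4.17 dst=203.0.113.50 action=allow sent=41000000
date=2015-01-05 src=10.1.4.22 dst=198.51.100.7 action=allow sent=2900000000
date=2015-01-06 src=10.1.4.17 dst=203.0.113.50 action=allow sent=38000000
date=2015-01-06 src=10.1.4.22 dst=198.51.100.7 action=allow sent=3100000000
date=2015-01-07 src=10.1.4.17 dst=203.0.113.50 action=allow sent=45000000
date=2015-01-07 src=10.1.4.22 dst=198.51.100.7 action=allow sent=3000000000
date=2015-01-08 src=10.1.4.17 dst=10.2.0.5 action=allow sent=900000000000
date=2015-01-08 src=10.1.4.17 dst=192.0.2.99 action=deny sent=5000000000
date=2015-01-08 src=10.1.4.17 dst=203.0.113.50 action=allow sent=64000000000
date=2015-01-08 src=10.1.4.22 dst=198.51.100.7 action=allow sent=3200000000
"""

def outbound_by_host_day(log_text):
    """Sum allowed bytes sent from internal hosts to non-internal destinations."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = dict(kv.split("=", 1) for kv in line.split())
        src, dst = (ipaddress.ip_address(rec[k]) for k in ("src", "dst"))
        if rec["action"] == "allow" and src in INTERNAL and dst not in INTERNAL:
            totals[rec["src"]][rec["date"]] += int(rec["sent"])
    return totals

def flag_exfil_candidates(log_text):
    """Return (host, date, bytes, baseline) where a day dwarfs the host's earlier days."""
    alerts = []
    for host, days in outbound_by_host_day(log_text).items():
        dates = sorted(days)
        for i, day in enumerate(dates[1:], start=1):
            baseline = median(days[d] for d in dates[:i])
            if days[day] >= MIN_BYTES and days[day] >= RATIO * baseline:
                alerts.append((host, day, days[day], baseline))
    return alerts

if __name__ == "__main__":
    for host, day, sent, base in flag_exfil_candidates(SAMPLE_LOG):
        print(f"{day} {host} sent {sent / 1e9:.1f} GB outbound (median {base / 1e9:.2f} GB)")
```

Comparing each host against its own history keeps the steadily busy 10.1.4.22 quiet while the workstation's 64 GB day stands out; internal-to-internal and denied flows are excluded before summing.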
Posts related to DLP research in 2013:
- DLP Webinar Questions – Answered!
- Upcoming Gartner Webinar: DLP Architecture and Operational Processes
- My Second DLP Paper Publishes
- My First DLP Paper Publishes
- DLP: Education and/or Automation?
- More On Internal Data Loss Incidents
- On “Internally Lost Data” and DLP Discovery
- On Risks of DLP
- DLP and Data Classification
- DLP: Discover First or Monitor First?
- On DLP and PCI DSS
- On DLP and IP Theft
- DLP and/or/for/vs Data Security
- On DLP Processes or “No DLP For Dummies”
- On DLP Research