Implementing DLP: Purchase with Caution?
There is little argument that data is the world’s newest currency. Whether by accident, fraud, policy violation or neglect, the exposure or loss of confidential information is one of the biggest threats to an organization’s security. To make matters worse, the social Web and the consumerization of information technology have made it possible for sensitive information to get lost through the organizational cracks.
Data loss has quickly become a top concern for IT security professionals. High-profile data loss reports consistently highlight sensitive data loss as a serious problem that many organizations are not equipped to handle. Unfortunately, many IT professionals have difficulty understanding the various elements that make up data loss prevention (DLP), a quickly emerging technology. Because the technology has evolved so fast, vendors have rolled out products in hopes of gaining market share and capitalizing on the hype and chaos. This is an ongoing problem in the security world: too many vendors (big and small) have crossed over into areas where they lack the expertise and proper infrastructure.
It is not the first time vendors have offered solutions that are convenient for their bottom line instead of focusing on the users’ best interest. Securing customers’ data with the best technology at the lowest total cost of ownership should always be a priority.
Many vendors will target IT professionals looking for DLP by getting them to add DLP into their enterprise at the endpoint. While this might be appealing, starting with endpoint DLP typically leads to high costs and great complexity, and requires a great deal of effort. In the end, this seemingly cost-effective strategy backfires. Customers who fall for it typically end up paying more once the prices for ongoing management, licensing, and extra servers are factored into the cost. When they then try to expand to network protection and discovery, they find that their endpoint solution lacks capabilities, coverage, unified management, and more. This flawed approach is perhaps best summarized by the old adage: “You get what you pay for.”
So what are IT professionals in need of a DLP solution to do?
Look for a DLP solution that can monitor and enforce compliance with industry and government regulations. Solutions should enable the use of Web 2.0 while providing protection for the communication of confidential data. The most common complaints about DLP solutions are that they’re too costly and complex. An effective solution must accurately detect confidential data: a system with too many false positives creates massive administrative overhead while providing little real value. The solution should also provide policy tools and pre-built policy templates that address common DLP concerns, so that the system can deliver value without months (or years) of labor-intensive policy tuning. Evaluate not only the effectiveness of the solution, but also its viability as an affordable and realistic solution to own.
Additionally, when looking to invest in a DLP solution, buyers should closely examine not just interoperability, but whether the solution is actually unified with existing content solution architectures that include full Web and messaging capabilities. This kind of integration can significantly lower your cost of ownership and ease administration, and it also provides you with a migration path from a channel DLP (such as email or Web) to a full, enterprise DLP implementation. This approach gives you a clear and simple course for getting started, gaining experience, and expanding your implementation effectively.
Websense offers the market’s leading DLP technology as part of its Websense TRITON unified content security solution. For more information on Websense, visit http://www.websense.com/DSS.