DLP is a nightmare – Just take my word for it

DLP tools deliver strong endpoint protection.

Networkworld.com had the above write-up on several Data Loss Prevention (DLP) products that they tested in their labs. They found in the lab that, even with a network-based DLP product, this is an extremely tricky technical control to implement. I’ve had the pleasure of implementing DLP in a production environment to 12,000 endpoints. Let me tell you that you really need to have a solid plan for how you want to identify PII/sensitive data. You can try searching for patterns, as they did with many of these solutions, or you can tag the files with metadata and let the products filter on the metadata.

Either way there’s a major hidden cost: system performance for pattern-based recognition, or the labor associated with tagging all of the data. Even with all of the effort that goes into tagging data, no system is foolproof. This is the perfect fence metaphor. Users will find a way around your controls. You just have to decide how high you want to build your fence.
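To make the two identification approaches concrete, here is an added example (not from the tested products or from any vendor) that runs a pattern scan and a metadata check over the same files. The `classification` key, its values, the file names and the sample contents are all constructed assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# US SSN in the common ddd-dd-dddd layout.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan_content(text):
    """Pattern-based detection: the whole file body has to be read and matched."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.append("card")
    return hits

def check_tag(metadata):
    """Tag-based detection: one lookup, but only as good as the tagging effort.
    The key name and label values are hypothetical."""
    return metadata.get("classification") in {"confidential", "pii"}

# Constructed sample files: (metadata, body). The card value is the public
# test number; the SSN uses area 000, which is never issued.
FILES = {
    "invoice.txt": ({"classification": "pii"}, "Card: 4111 1111 1111 1111"),
    "tracking.txt": ({}, "Parcel ref 1234 5678 9012 3456"),   # fails Luhn
    "hr_export.txt": ({}, "Employee SSN 000-12-3456"),        # never tagged
}

def compare(files):
    """Return both verdicts per file so the gaps of each approach are visible."""
    return {name: {"tag": check_tag(meta), "pattern": scan_content(body)}
            for name, (meta, body) in files.items()}

if __name__ == "__main__":
    for name, verdict in compare(FILES).items():
        print(name, verdict)
```

The untagged `hr_export.txt` is only caught by reading its content, which is the performance cost; relying on the tag alone would require someone to have labeled it, which is the labor cost.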


Published by Keith Townsend

Now I'm @CTOAdvisor
