Networkworld.com had the above write up on several Data Loss Prevention (DLP) products that they tested in their labs. They found in the lab that even with network based DLP product this is an extremely tricky technical control to implement. I’ve had the pleasure of implementing DLP in a production environment to 12,000 endpoints. Let me tell you that you really need to have a solid plan for how you want to identify PII/Sensitive data. You can try searching for patterns as they did with many of these solutions or you can tag the files with meta data and let the products filter on the meta data.
Either way there’s a major hidden cost associated with either system performance for pattern based recognition or labor associated with tagging all of the data. Even with all of the associated effort with tagging data no system is fool proof. This is the perfect fence metaphor. Users will find a way around your controls. You just have to decide how high you want to build your fence.