In this short update, we will discuss the challenges that have arisen in the DLP market since the introduction of the technology in the early years of the 21st century.
For many years, the information security market was focused on protecting organisation’s networks and assets from the internet. The assumption was then, and in many cases still is that everything which comes from the Internet is suspicious and therefore needs to be scanned for various security risks. In contrast, anything leaving out of the network is not suspicious unless there is information proving otherwise.
When DLP was originally introduced, it mainly focused on the perimeter. This led many customers to believe that it could be deployed like an Intrusion Detection System (IDS) but focusing instead on outgoing traffic.
A vendor even called it “extrusion prevention”. This attitude led to failed projects as DLP solutions are not like most security products. They are deeply entwined with the business fabric and therefore need business engagement. A DLP project can be looked at like an Enterprise Resource Planning (ERP) or Identity and Access Management project (AMP) which both require business involvement; however, unlike these solutions, customers can see value in a DLP project almost from day one.
Based on customer experience with failed DLP projects – as explained above – vendors and consulting companies started to pitch customers to look at DLP as part of a massive data protection project. This lead to complications involving long preparation process and over resourcing, which was all believed to be part of the DLP solution. This of course lead to delayed projects because of a lack of budgets and wasted resources.
The previous point also created an issue with regard to budget allocation, is DLP a security product or a business product? A DLP solution can expose sensitive data in transit, in use and in rest. In some cases the data is so sensitive that IT security shouldn’t even see it (for example financial details, private information). As a consequence, IT security can ask the business side to fund the project and allocate resources; however, the business side still regards it as a security product and refuses.
As mentioned before, DLP solutions can bring visibility to the movement of a customer’s data. Of course, once a customer has evidence he must react. Possible actions can include changing business processes, correcting IT issues and even reporting to the authorities some customers simply prefer to not know so they don’t need to act.
Lior Arbel is the Chief Technical Officer of Performanta UK. Performanta Technologies specializes in Information Security and Risk Management, offering enterprise clients end-to-end products, services and consulting capabilities.