I see that McAfee has announced that it's buying Reconnex, a data loss prevention firm, for $46 million. It's the latest in a line of similar acquisitions by rival security vendors.
Data loss prevention seems to be the hot new technology focus. Content monitoring has taken over the spotlight from firewalls and intrusion prevention. That's in line with my long-standing prediction that in the future, dynamic information flows, rather than static data stocks, will be the primary focus of information security.
Technology can help prevent data leakages. But it will only work if people take the trouble to apply it and use it properly. We have the same problem with corporate policy. We can set out the rules, but managers don't have the time to read and absorb them. And even if they did, they're unlikely to have the time, budget or resources to enforce them.
Effective prevention of data leaks needs to start with good security awareness, and the encouragement of a more sophisticated security culture. Not the old fashioned one that locks everything away from prying eyes. But one that appreciates the benefits of information sharing, yet, at the same time, also addresses the associated risks. That's the real challenge for data loss prevention.
Comments (2)
The DLP technology would be much more effective if corporations paid more attention to the false positive rate (accuracy of the detection algorithms) prior to purchase. If the rate is not a virtual zero, then the solution will allow you to watch the data leave and not STOP the data! Enterprises need both the ability to monitor as well as STOP the data from leaving.
As a consultant working for a large enterprise, my team has evaluated all the leading vendors. All evaluations should include GTB Technologies, as their detection is unbeatable.
Posted by Paul | August 4, 2008 4:43 PM
Posted on August 4, 2008 16:43
Thanks David. You make the case for mandatory access controls and scalable multilevel security.
A whole lot of potential data leakage problems disappear if unauthorized data access by authorized users is eliminated in the first place! Since such systems are deterministic and use white listing, there are no false positives.
Posted by Rob Lewis | August 5, 2008 7:11 PM
Posted on August 5, 2008 19:11