Rolling out Data Leakage Prevention (DLP) - IT Security Purchasing Intentions 2013 - Europe

IT Security Purchasing Intentions 2013 - Europe

Rolling out Data Leakage Prevention (DLP)

4 of 11
Warwick photstory Security4.jpg

ISSA-UK a professional association for IT security professionals, advises organisations to start a Data Leakage Prevention [DLP]  project with a pilot in a small, self-contained, business area or function and to begin by detecting leaks only, rather than attempting to block them.

“Don't block anything until you know what you are dealing with and tune your policies based on that learning. Look for false negatives as well as false positives by creating lots of test scenarios, otherwise leakage of real sensitive data could occur,” said Adrian Wright, vice president of research for the group.

According to Nigel Stanley, CEO at security consultancy Incoming Thought, DLP has been sold as the answer to all a corporate’s problems when it came to data loss. But very quickly clients he worked with found it unwieldy and ineffective.

“Back in 2009 I suggested that DLP should be coupled with data encryption (DE) so that any gaps in a DLP solution should only see encrypted data going missing.

“Nowadays I see DE being the primary mechanism to prevent data loss instead of a DLP. But DE is problematic as while encrypting data is trivial, the key management can become a burden very quickly.  In clients I work with, I see DE in 95% and DLP in around 5%,” he said.

Download our complete security survey results here.

4 of 11

More from this story

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy