Data leakage prevention

I see that McAfee has announced that it’s buying Reconnex, a data loss prevention firm, for $46 million. It’s the latest in a line of similar acquisitions by rival security vendors.  

Data loss prevention seems to be the hot new technology focus. Content monitoring has taken over the spotlight from firewalls and intrusion prevention. That’s in line with my long-standing prediction that in the future, dynamic information flows, rather than static data stocks, will be the primary focus of information security. 

Technology can help prevent data leakages. But it will only work if people take the trouble to apply it and use it properly. We have the same problem with corporate policy. We can set out the rules, but managers don’t have the time to read and absorb them. And even if they did, they’re unlikely to have the time, budget or resources to enforce them. 

Effective prevention of data leaks needs to start with good security awareness, and the encouragement of a more sophisticated security culture. Not the old fashioned one that locks everything away from prying eyes. But one that appreciates the benefits of information sharing, yet, at the same time, also addresses the associated risks. That’s the real challenge for data loss prevention.