Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSecurityChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
Beside network access control (NAC), data leakage prevention (DLP) comes to mind as the second most overly-hyped security solution on the market today. This isn't because DLP isn't useful or doesn't contribute to solving information-security related problems. Rather, it's because the problems it was designed to solve, when set against a myriad of proposed deployment strategies, have made its utility and value difficult to gauge.
Last year DLP saw something on the order of over $1.6 billion in mergers and acquisitions activity against a total pure-play DLP market space of something like $100 million in total revenue. What that means is that DLP, in its first stage of life, has become a feature of much larger information-centric lifecycle management suites of large companies with expansive portfolios.
Some of these portfolios are wide reaching and all-encompassing, while others are quite narrowly focused and solve very specific needs. Choosing the right technology and technology partner is critical.
So what's the best strategy for recommending DLP to clients? That really depends upon the business and technical problems they are trying to solve, existing vendor relationships you and they may already have and the size of the organization.
The best recommendation I can make for understanding and choosing a DLP solution is actually not my own; it belongs to Rich Mogull from Securosis. Rich covered this space for Gartner and is the authoritative source for all things DLP.
Rather than paraphrase his numerous and incredibly detailed set of criteria for DLP selection and deployment, I simply suggest reading his whitepaper on DLP. Despite being sponsored by a DLP vendor, it will give you as a reseller the understanding necessary to evaluate your partnership opportunities given your competencies, as well as enabling you to listen to your customer's requirements and recommend the most appropriate solution.
This was first published in May 2008