Wednesday, December 10, 2008

DLP Works – If You Know What “Works” Means!

I’ve been reading all the recent DLP-related stuff (esp. Rich’s “Analysis Of The Microsoft/RSA Data Loss Prevention Partnership” as well as this DLP gem, “My Wife Finally Knows What I Do”) and thinking a bit about it. Also, I have to respond to a few folks who hold a somewhat naive belief that “DLP technology is a solution in search of a problem.” Nah, it is actually a good workable solution for a specific problem; hilarity ensues only when you start thinking that DLP will address all your data security needs ... So, if “a magic bullet” is a bullet that you can shoot ANY monster with, and it would die, DLP is not a magic bullet (nor is it a silver bullet that can, if my fantasy skills serve me right, kill any undead monster :-))

As my previous DLP musings (here and here and here) mentioned, using DLP tools will solve some of the real problems that people have today; that much is established. However, two questions remain:

  1. Will you have to kill yourself and ravage your IT environment in order to apply it successfully?
  2. Will it stop/detect all the leaks, with the sad exception of those that you actually care about?

I do think that there are tools that actually solve the problem of a) accidental leaks over a set of network channels and b) a specific set of malicious leaks over a set of network channels, and do that without massive “collateral damage” to your mental sanity and IT infrastructure. And, to top it off, they do it without falling victim to questions #1 and #2 above. If you want more (like, a box to stop ALL malicious leaks without any work on your part) … well… me too :-)

In light of the above, I don’t think that DLP is “another NAC” (which is as good as gone now that even Cisco is not doing much of it). The reason DLP is not another NAC is that it solves a much more isolated problem of discovering, learning and then detecting/blocking the movement of specific content. Maybe “DLP fused with DRM and embedded into an OS” will indeed turn out to be a NAC-sized boondoggle, but a clean DLP box that does a few things well AND runs in an environment where these same things need to be done deserves to be deployed.

BTW, NextTier (where I am on the Advisory Board) is now listed in “10 IT security companies to watch.” While some companies from past years fared disastrously, I think workable DLP technology that people can use without killing themselves with massive data classification has a better future than that. BTW, NextTier is doing a beta program for a new release soon. Interested?

Dr Anton Chuvakin