Abstract

Whereas, deployment of a comprehensive DLP solution should be a risk mitigation measure which emerges from a systematic Risk Assessment based on business and security objectives; the reality is that it is resorted to mostly as a remedial measure in the aftermath of a particularly nasty incident. Sometimes, a DLP comes about when business does well and security gets an opportunity to push through a big security investment. One does not see too many instances of DLP implementation from pure selling either; despite aggressive selling from DLP solution providers. The practical experience is consistent across industry sectors; and the essence is that while Data Leakage concerns are mostly real, remedial measures are mostly reactive and almost always ineffective. Data leakage is a critical issue for today’s information/data driven business; it is vindicated by the increasing number for data leakage related incidents and the increasing cost of those incidents to corporations. Implementing a compressive and effective DLP program may be a long term solution but there is a lot that can be done before that and a lot needs to be done with the DLP itself to make it useful.