The DLP market is starting to mature, and products are becoming more stable, hence the very consistent 'passing' grades across products on our endpoint tests. With more similarities than differences in product features, choosing a DLP vendor is likely to hinge on considerations other than feature-by-feature comparisons. Factors such as market share, vendor strength and reputation, and TCO (total cost of ownership) should be taken into account. Organizations new to DLP may wish to deploy DLP solutions as a gradual process, starting out with easily implemented solutions such as a single-channel or hosted solution. Organizations who seek to immediately protect all channels and all network layers will more likely be drawn to full suite products they can install and maintain directly. (All of the vendors in our test offer DLP products beyond endpoint in one form or another.)
TCO is comprised of many elements, but in addition to product cost, organizations should expect a fairly significant learning curve if they have no prior experience with DLP and expect to jump right into a full DLP suite. The learning curve has less to do with plugging the vendor's product into the corporate network (which we found to be quite straightforward with all products tested), than going through the business process of deciding which data needs protection, what actions to take if policies are violated, and determining where the buck stops and who is allowed to 'override' the system. This gets into the area of usability and user productivity vs. data protection, a topic beyond the scope of this review, but not an area that should get short shrift. More than one vendor told us that DLP administrators who went about locking the network down without going through the proper management channels reduced their DLP product to 'shelfware' in rather short order.
It was nonetheless quite empowering to view the capabilities of each DLP tool we tested in real time as a mechanism for gaining control over what is becoming a battle that can no longer be waged by passive methods, such as viewing and analyzing server logs. While such data is useful, it is largely academic, since it cannot predict where the next data leak will come from, and log analyzers can't prevent loss, only report it after the fact. Whether an organization's data protection needs center around regulatory compliance, or protecting intellectual property or other sensitive corporate data, a good, centrally-managed DLP solution can greatly reduce attack risks (both from within and without). DLP products are becoming an essential component in the increasingly complex challenge of protecting digital assets.
Perschke is CSO for Arc Seven Technology. She is also an experienced technical writer, and has written numerous white papers for a number of organizations, including Fortune 500 companies. Susan can be reached at firstname.lastname@example.org.