Beside network access control (NAC), data leakage prevention (DLP) comes to mind as the second most overly-hyped security solution on the market today. This isn't because DLP isn't useful or doesn't contribute to solving information-security related problems. Rather, it's because the problems it was designed to solve, when set against a myriad of proposed deployment strategies, have made its utility and value difficult to gauge.
Last year DLP saw something on the order of over $1.6 billion in mergers and acquisitions activity against a total pure-play DLP market space of something like $100 million in total revenue. What that means is that DLP, in its first stage of life, has become a feature of much larger information-centric lifecycle management suites of large companies with expansive portfolios.
Some of these portfolios are wide reaching and all-encompassing, while others are quite narrowly focused and solve very specific needs. Choosing the right technology and technology partner is critical.
So what's the best strategy for recommending DLP to clients? That really depends upon the business and technical problems they are trying to solve, existing vendor relationships you and they may already have and the size of the organization.
The best recommendation I can make for understanding and choosing a DLP solution is actually not my own; it belongs to Rich Mogull from Securosis. Rich covered this space for Gartner and is the authoritative source for all things DLP.
Rather than paraphrase his numerous and incredibly detailed set of criteria for DLP selection and deployment, I simply suggest reading his whitepaper on DLP. Despite being sponsored by a DLP vendor, it will give you as a reseller the understanding necessary to evaluate your partnership opportunities given your competencies, as well as enabling you to listen to your customer's requirements and recommend the most appropriate solution.
Related Q&A from Christofer Hoff
Learn why companies that place too much emphasis on security regulatory compliance run the risk of neglecting a full-orbed structured assessment ...continue reading
Learn why the upcoming changes to the Payment Card Industry Data Security Standard (PCI-DSS), designed to prevent further corporate data breaches, ...continue reading
Antivirus software has become antimalware software, and as such it has become more popular than ever. However, to address future threats it will have...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.