Building a business case for DLP
At a meeting with one of our clients last week – the question of business case for data loss prevention came up quite strongly. It started with the client saying that they were hearing that while vendors like Symantec and Websense were getting a lot of customers to buy their DLP products – many […]
Data loss prevention from inside out
I love how this Cisco video clip on Blip TV starts with examples of DDOS attacks and then uses shots of incoming content filtering and then dramatizes with a cop not allowing a visitor into the booth – what is going on here? Cisco didn’t have budget for an editor who knows the difference between […]
Cultural factors in security
At the DLP Expert 2009 conference in Moscow 2 weeks ago I heard the following insight from Bill Nagel from Forrester: American companies are rule-based. 40% of US companies state that they have implemented some form of DLP technology. European companies are principles-based. In EMEA, 80% of chief security officers do not have plans to […]
Free agent DLP from Sophos
Sophos has announced that they will soon include endpoint data loss prevention functionality in their anti-virus software. Developed in-house, Sophos will have an independent offering – unlike Websense, RSA, Symantec, Trend Micro and McAfee (who all purchased DLP technology) and have integrated it into their product lines with various levels of success (or not). The […]
The Americanization of IT Research
The Burton Group have released the results of their research that concludes that Symantec (Vontu), RSA (Tablus) and Websense (Port Authority) are the leading DLP vendors. Burton’s choice is indicative of the Americanization of the information security space, where government compliance regulation and large security vendor marketing agendas appear to drive US customer security decisions. […]
DLP – a Disturbing Lack of Process?
Ted Ritter has suggested that we rename DLP a Disturbing Lack of Process Indeed DLP is not a well-defined term – since so many vendors (Kaspersky anti-virus, McAfee anti-virus, Symantec anti-virus, Trend Micro Provilla, CA Backup…you name it) have labeled their products “Data loss prevention” products in an attempt to turn the tide of data […]
Datat loss prevention conference: DLP-Expert Russia
Friday October 2, 2009 I gave a talk at the data loss prevention conference DLP-Expert in Istra – just ouside of Moscow. I say “just outside” euphemistically, because it took us 4 hours to drive from Domdedovo airport to Istra – a trip of about 80 kilometers. Natalya Kaspersky presented an interesting market survey they […]
Trusted insider threats, fact and fiction
Richard Stiennon is a well known and respected IT analyst – he has a blog called IT Harvest. A recent post had to do with Trusted insider threats.Despite the length of the article, I believe that the article has a number of fundamental flaws: Overestimating the value of identity and access management in mitigating trusted […]
Is data loss prevention possible?
I recently saw an article on Computerweekly that asks – “Is data loss prevention possible?” I think that a more relevant question is “Is information protection possible?” The author correctly identifies that it’s easier to access data (and leak it) than to modify or delete data. However, the notion that data is out of control […]
Preventing document leaks
Pharmaceutical manufacturer Mylan has recently sued the Pittsburgh Post-Gazette over a series of stories describing safety issues in the Morgantown, Va., plant. The basis for the stories were documents leaked by workers in the plant – and although the information on the background to the leak is sparse – an FDA inspection has confirmed that […]
