RISK ASSESSMENT: Front-end DLP services are mainly in risk assessment, which includes evaluating what products can 'see' within the environment and figuring out where data is flowing. Risk assessment enables the DLP solution to be placed at a specific point where you can collect data about what sensitive traffic may be leaving the environment. This is a real eye- opener for many customers who have never truly seen what types of data are leaving their environments.
DISCOVER THE DATA: Regulated companies, of course, need to get a handle on their sensitive data. But for nonregulated organizations, there is actually more to the discovery phase since these organizations lack compliance mandates stipulating which data needs to be kept safe. In addition, there's a lot of work involved with discovering sensitive information in unstructured data like spreadsheets, Word documents and e-mails.
ADDING VALUE: In most cases, adding services value to a DLP deal is a matter of what the customer wants to protect and how you position products and solutions to achieve that goal. Once you've done that, then the value is in helping the client roll out the solution, which is where you tackle issues like incident workflow, setting actions, and either blocking traffic or letting it through.
TAKING ACTION: There are concerns about false positives blocking valid traffic, so a lot of our services efforts are based around detection, tuning and what actions to take. There are also services around operationalizing DLP, which is where you get into asset protection, dealing with incidents and general care to make sure data breaches don't happen.
KNOW THE TIME: The time involved in deploying DLP varies because the solution potentially involves many groups within an organization. I would say the longest cycle for deploying DLP is somewhere between 12 and 18 months, with larger organizations being on the higher end of this scale. DLP is catching on slowly in the SMB due to generally less regulatory concerns, and thus we don't have a lot of statistics here. However, DLP will reach this space as well with less complex deployments.
—Interview by Kevin McLaughlin
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
