Selling Data Leak Prevention

John Kindervag, senior security architect at Atlanta-based integrator Vigilar, gives some pointers on how to break through customers' preconceived notions about data leak prevention technology:

DEMONSTRATE ROI: Showing ROI to the customer is important because DLP is awfully expensive. It's hard to calculate ROI in security on a good day, but DLP is so intangible that in order to get a sense of ROI you need to have some sense of what your data is worth. Government organizations already do this, but most companies don't even know where all of their data exists on the network. Many companies have a lot of ad hoc networks that they've gained from acquisitions, and these networks can add to the potential for exposure.

DISCOVER THAT DATA: We've seen important personal information stored in Access databases, Excel spreadsheets, e-mail archives and various types of documents spread throughout the company. ... From the services side, people are looking for products that will make it easier to find data and lower their risk.

SOLUTIONS EVOLVING: In the future, I think DLP will be deployed as a combination of host- and network-based technologies. You'll need some kind of agent-based software to handle e-discovery and find all the data and a gateway device that sees the data as it's coming into your network. We hear names like extrusion prevention or egress filtering ... but we haven't found the technology yet that's really good about stopping data from getting out.

KNOW COMPLIANCE: Most DLP projects are being driven by compliance, so it's important to know how the technology relates to different organizations and verticals such as health care and finance.

BE PATIENT: I think DLP will be one of those technologies that limps along until there's a big compliance reason for companies to do it. If you look at log management, that's a technology that wasn't very sexy until PCI added a log management requirement, and it's now growing along with the SIEM [security information and event management] market. We've been seeing people ask about DLP after they've had a data loss incident, which serves as a wake-up call that they need to put something in place to prevent a recurrence. But if they haven't experienced any pain from data loss, organizations are sometimes unwilling to spend because they don't see the ROI in deploying DLP.

—Interview by Kevin McLaughlin