Gartner: Don't let suppliers set your DLP strategy

Analyst group says get your plans sorted before talking to vendors

Businesses should plan a thorough data loss prevention strategy before talking to suppliers, Gartner has advised.

Vendors are likely to sway discussions to specific aspects of DLP, when a full strategy is required for the technology to be effective, the analyst house said.

DLP software monitors data that is in use, moving on the network and in storage, in order to prevent its unauthorised use or transmission. Gartner predicts it will become commonplace in European firms during the next six years, and said deployments were already being considered by many businesses.

"You've got to define your strategy first, then talk to the suppliers," said Paul Proctor, VP at Gartner. "At the moment businesses aren't labelling data properly, they don't know where it is, they aren't handling it properly, and their policies are poorly defined and enforced."

Speaking at Gartner's information security summit in London this week, Proctor outlined how businesses can define a complete strategy for DLP.

Organisations needed to first define their data types, followed by building a list of possible actions for that data, then defining policy, and finally negotiating with suppliers.

For defining data types, Proctor said, firms should categorise the information according to its nature and where it resides. For example, intellectual property could be split into drawings (then divided as CAD, PDF, and GIF), documents (split as structured, unstructured, labelled and unlabelled), and personal data (split by types such as credit cards or ID numbers, or by its application such as order processing or online sales).

For building a list of possible actions that could happen to the data, businesses should "boil the possible uses down to 10 to 15 situations", Proctor said. These could include data crossing the enterprise boundary; data stored in unauthorised places; the copying, printing, moving, saving, cutting and pasting of data; and business processes that could put the data at risk.

Common areas of worry for businesses included sales people stealing client information, and the offshoring of work involving critical intellectual property, he said.

Lastly, for defining policy, firms needed to set different levels of reaction according to how concerned they would be about the incident. The lowest stage could be alerting the business and recording the situation for future analysis.

The next higher stage would be intercepting the data to automatically encrypt it, move it from the risk area, or demand user justification for a particular operation. Above that, the particular operation could be automatically halted.

Proctor also highlighted Gartner's 'Magic Quadrant' of DLP suppliers, which covers those that are judged to provide the best product and service and to have the most innovative long-term business plan. Symantec, Websense and RSA were the only suppliers it placed in this category.

"A lot of people have deployed a sort of DLP for simple requirements, like protecting credit card data," he concluded. "But that isn't enough -- they need to protect all data including their valuable intellectual property."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GartnerDLP

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Leo King

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?