I think the name of the technology itself, Data Leakage Prevention (DLP), is misleading. Whatever scope of being misled is left, is usually done away by our brave technology sales people (no offence intended, it their job!). I remember clearly when I first encountered DLP as a technology. It was more than 5 years ago. No one is APAC (or at least in India knew what DLP was). While working as a freelancer, the VP of a big manufacturing company wasdiscussing with me the issues he was having with the data in their network. Mobile data cards had just been launched and the VP was worried about his executives carrying around sensitive information on laptops. Though they has controls on the intranet level, once the node was out of the corporate network, it reigned free (I know this is nothing new, but I am telling this story to make a point, kindly bear :D). After understanding all his issues I went back and asked Mr. Google and it came up with very interesting answers.
DLP. It said. Shall set you free.
After some more inputs from some of my good friends who were industry seniors, I was convinced, DLP was the proverbial silver bullet to fix all data leak issues. I went and sold the solution with the same conviction. Fast forward to today, I see my sales buddies doing the same. Selling DLP as the one shot fix for all data leaks.
And I don’t blame them. This is the impression one gets of DLP without understanding the whole picture. The way the technology is presented, that makes us feel so comfortable in its arms. Sigh. All my data leaks worries are now far far away.
But is it really?
Experience has taught me otherwise. More in the second part.