A response to “The Dark Side of DLP”

In an Information Week article dated December 21, 2009, titled “The Dark Side of DLP,” the author argues four reasons why DLP implementations are more involved then what they should be. I have attempted to briefly respond to those points, however my experience with DLP is based on Symantec’s DLP product.

These 4 points are:


This is the starting point of any DLP implementation, a DLP product will only find data based on the policies you write. And as the article states “[s]ome policies are fairly obvious – there’s no good business reason for an employee to upload a spreadsheet full of Social Security numbers to his Facebook profile.” Any DLP product you are investigating should have prebuilt templates, if it doesn’t run for the hills. The other key to a good DLP product is you should not have to learn some form of scripting language to make the product work correctly in your environment.

Once you have written these policies remember you will need to tweak and massage them as the author points out “this is rarely a point-and-click exercise.” Policies will need to be modified as your company grows and changes, along with as your implementation of DLP matures.

• Data Discovery

This is a key question that DLP answers. How can you protect your data if you don’t know where the data is located? Can your DLP product discover from multiple silos or is it limited in the amount of types of file systems or databases it can scan? More importantly can the product scan the files in a way that will not impact the day to day operations?

Symantec DLP has the most comprehensive scanners to track down the file data you need. What type of confidential data is on your SharePoint site? What type of information is your public file share? Not does Symantec DLP scan your file system, but it will tell you exactly what file permissions are set for each file and who has access ot them.


How does your DLP product integrate with your existing systems? Does it work with your web proxy? Do you use encrypted email and does your DLP system allow you to integrate with that as well? All questions that need to be answered before you purchase the product that will help you with Data Loss Prevention.

Symantec DLP 10 provides an open reporting API that integrates with other report writing systems, like Crystal Reports or another tool. This allows you to generate reports on what exactly is going on with your DLP system. Another key point in the integration story for DLP is how Symantec’s Workflow product integrates and allows you to automate some of the business process around the DLP product. The best point about Workflow is it allows you to integrate your DLP product with non-Symantec products to help provide better automation.


How hard is it to administrate your DLP system? How hard is it to setup multiple security roles and customize what these roles can see? For example my helpdesk staff may need to see that an incident occurred, but not the data that is actually contained in the incident? Do you have to write multiple policies to manage the different areas of DLP (data in motion, data at rest, data on the endpoint)? Is there a different management console for each area? Is there a way to limit the amount of incidents you are working on?

These are all areas that Symantec DLP excels at. I can manage areas of DLP through one management console, and also one policy written can be applied to each area. The easier it is to manage your DLP system, the more you will actually use it.

Interested in more information about Symantec DLP and how it can help you out? Drop me a note


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s