InfoWatch is a privately-held company, delivering its enterprise customers software solutions to monitor and manage information flow (founded by Kaspersky Lab)

   

DLP vs. Privacy Laws

Attendees of information security conferences are well acquainted with sessions dedicated to the privacy implications of monitoring a company’s network traffic. Such monitoring is usually performed by Data Loss Prevention (DLP) systems, which take content scanning to a higher level in order to identify security risks that regular tools could miss or that result from malicious or unintentional employee actions.

However, like any tool, DLP can cut you if you use it incorrectly: it will automatically gather large amounts of personal and sensitive personal information, and there is a risk that an organization using such a system may inadvertently infringe the privacy of employees or third parties during investigations. Furthermore, the DLP logs will themselves be a very sensitive information asset and must be protected appropriately.

InfoWatch closely follows the advice of those who develop data security laws and practices. These guides reiterate the importance of intention and action for data protection compliance: say what you are going to do, then do it...

The problem of content routing

One of the problems in protecting an information system is the monitoring of almost-legitimate transactions. The same document sent over two different channels to the same user, or sent to two users over the same channel, can produce cases that are difficult to tell apart.

The problem of information structure

The information structure of a given company before the adoption of a DLP solution is, quite frankly, often a mess. Documents containing sensitive data are created in every sector of the system, read-and-write rules are set up in a random fashion based on the whim of a system administrator who worked there nearly a decade ago, and so on. This is understandable, of course, as the employees are not trained in proper information security, and system security is focused on defending the perimeter from the outside.

DLP: technical vs. administrative

As I have mentioned before, it is difficult to find a major IT security firm without a DLP package in its lineup, whether one of their own, or snatched up early. Those packages, however, are mostly technical, with little consultation beyond “here’s our box and good luck to you”, a topic previously discussed at length. Those solutions tend to ignore an incredibly important part of DLP: the administrative method.

DLP: infrastructure and consulting

It is no great secret that by now everybody and their mum has DLP solutions as part of their product line: McAfee, Websense, Symantec, Trend Micro, Check Point, BlueCoat, Aladdin and so on. Even companies that have nothing to do with data security per se, such as Microsoft and Cisco, have added DLP products to their line. Rumors abound that Kaspersky and Oracle are working on their own versions. It would be easier to point out the companies that refuse to create their own or quickly buy out a smaller company for a piece of the admittedly small pie.
