Another problem in rolling out DLP solutions today, particularly for highly collaborative environments, is the problem of interoperability between two different DLP systems, said Turner. In this scenario, he believes businesses may sacrifice the availability of information for security.
Although Trend Micro's Biviano could not contest Turner's assertion about interoperability, he reckons companies still must first gain control of internal flows of information.
"Once internal data management is under control it makes sense for DLP vendors to explore how standards can be established. Then you can start looking at data movement policies that extend beyond the organization," he said.
But while vendors, analysts and technology buyers may disagree on when and how to introduce DLP technologies, all agree that policy and education should play a significant role.
"A lot of organizations haven't quantified the types of information they own and are not aware of how it moves internally and flows in and out of company borders," said Biviano.
"They need to first take a step back and look at the information in their control from a big picture point of view, and define the types and levels of criticality... Implementing a DLP solution needs to be in conjunction with defining information policies," he added.
IBRS's Turner recommends organizations begin changing employee behavior and knowledge while they wait for tighter integration from vendors.
"The best solution will be alerting end users to what they're doing, how to understand the value of the information and their responsibilities in handling it.
"Then you can bring in the technology--when vendors like EMC, Oracle and Microsoft have integrated it--which ensures users are more accepting of technology because it's more aligned with the processes they're doing regularly," added Turner.
Play video
There are currently no comments for this post.