Monday, December 31, 2007

I figured I needed to explain what Information Loss Prevention, ILP, Data Loss Prevention, DLP, and Content Loss Prevention is. ILP, DLP, and CLP are terms used interchangeably for a technology and methodology to search end points, repositories, network, IM, and email for sensitive information such as Personally Identifiable Information, PII, Personal Health Information, Credit Card information, CC, Intellectual Property, Business Intelligence, BI etc.

There are several vendors providing solutions in the space. Some of the best known names in this nascent but growing market are: Vontu, Tablus, Vericept, and Reconnex. There are more, and I might come up with a full list later on. There are two other vendors, not spoken of as much for enterprise solutions, these are Orchestria and Work Share. Orchestria is mostly known for solutions for financial institutions.

The solutions these companies provide use search technology to ferret out sensitive information that may be damaging to a company if it is lost. Due to NDA's signed with each company, I am hesitant to discuss strengths and weaknesses with each one at this time. If I get an approval from any of these companies to discuss publicly their strengths and weaknesses, I will do so. In the mean time, the best way to get information about these companies is to look at Forrester and Gartner reports which discusses the strengths and weaknesses. Here is a link to wikipedia:
http://en.wikipedia.org/wiki/Information_Leak_Prevention

Furthermore, if you are investigating which solution you should purchase, or if you are seeing a need for these types of solutions in your organization, you should ask for referrals from each company you are evaluating, and compare their results and needs with your own.

You should probably not start an evaluation without conferring with your legal counsel due to the increased risk to the organization if you cannot remediate what you have found (this is not a legal advice, as I am not an attorney).

No comments: