Tuesday, June 24, 2008

Another article explaining why DLP is not a panacea for data loss

Great article over at Network World that sums up what I've been saying to anyone who'll listen to me: DLP and similar endeavors are ultimately doomed to fail because it is corporate culture that determines how data is handled. We can scan email, put application firewalls in place, deploy DLP all the way down to the desktop, and we still can't prevent the employee from taking a picture with their camera or sending an MMS or SMS message with corporate secrets nestled inside. This court ruling states that SMS and MMS are off limits without a court order, and there is no way to monitor them other than confiscating mobile phones as people walk in the door (that'll play well in the corner offices, right?). Ultimately, DLP will fail because enterprises will spend gobs of money deploying complex solutions, information will still leak, the article on page 1 of the Wall Street Journal will follow, the CIO will call the CISO into his office, WTF?!?! will ensue, heads roll, etc... DLP will have its place in the enterprise to catch the oops factor, but there needs to be a healthy dose of expectations management that comes with any data loss solution. If you want a bit more of a take on my DLP ideas, see my earlier post titled "Oops I Leaked My Data."
