Ask the Expert

How can we convince our VP that a network-based DLP makes sense?

Our organization is trying to build a case for implementing data leak prevention (DLP) technology. How can we make a case to our senior vice president that a network-based DLP product makes sense? We want to convey the value, but avoid pitching it as a cure-all.

    Requires Free Membership to View

This is the very quandary that most security professionals face when looking to get key projects funded. Obviously, downplaying the true benefits won't get the funding. But overselling will mismanage expectations and cause a lot of grief when the project doesn't deliver the promised value.

Relative to DLP, I thought it best to consult my friend Rich Mogull from research and consulting firm Securosis, the premier analyst in the DLP space. He's published quite a bit about DLP use cases and value.

In Rich's words: "The business problem for DLP is: 'Tell me where my sensitive information is and help me protect it.'" If an SVP doesn't think that value statement is important enough to consider DLP products, then give up now. There won't be any funding."

Rich also emphasizes that looking at only a network-based DLP product is inherently limiting. There are a number of products that offer integrated protection for data in motion (such as network-based DLP products mentioned in this question), and data at rest and data on the endpoints. A content-protection strategy is only as good as its weakest link, and without factoring endpoints, files stores and databases into the mix, there will be a pretty significant gap in protection.

The best way I've seen to make a case is actually to bring a product in and do a proof of concept. Conduct a quick scan to pinpoint some sensitive content. Install a gateway and roll out endpoint DLP agents to a test group. See what they find. If it's nothing major, then the company doesn't need to spend the $500,000.

But if there are anomalies, those will be the ammunition and the urgency to make the case, because your pitch will be based on data, not PowerPoint slides or fear-based marketing. Get the data and let the SVP make up his/her mind about how important the problem is.

More information:

This was first published in June 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: