Relative to DLP, I thought it best to consult my friend Rich Mogull from research and consulting firm Securosis,...
the premier analyst in the DLP space. He's published quite a bit about DLP use cases and value.
In Rich's words: "The business problem for DLP is: 'Tell me where my sensitive information is and help me protect it.'" If an SVP doesn't think that value statement is important enough to consider DLP products, then give up now. There won't be any funding."
Rich also emphasizes that looking at only a network-based DLP product is inherently limiting. There are a number of products that offer integrated protection for data in motion (such as network-based DLP products mentioned in this question), and data at rest and data on the endpoints. A content-protection strategy is only as good as its weakest link, and without factoring endpoints, files stores and databases into the mix, there will be a pretty significant gap in protection.
The best way I've seen to make a case is actually to bring a product in and do a proof of concept. Conduct a quick scan to pinpoint some sensitive content. Install a gateway and roll out endpoint DLP agents to a test group. See what they find. If it's nothing major, then the company doesn't need to spend the $500,000.
But if there are anomalies, those will be the ammunition and the urgency to make the case, because your pitch will be based on data, not PowerPoint slides or fear-based marketing. Get the data and let the SVP make up his/her mind about how important the problem is.
Dig Deeper on Data security strategies and governance
Related Q&A from Mike Rothman
The CISSP certification can be a challenge to obtain. Mike Rothman unveils how to get on the right education and career tracks in order to get CISSP ...continue reading
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.