Management and strategic issues for IT leaders, by Computing Business editor Mark Samuels Management and strategic issues for IT leaders, by Computing Business editor Mark Samuels Management and strategic issues for IT leaders, by Computing Business editor Mark Samuels

« There is a depressing lack of innovation in UK IT | Main | Reducing the risks of information management »

Friday, 11 April 2008

Data leak prevention is just security best practice

Security Cast a wary (or should that be weary?) eye on the latest security trends. So says ICI global information security director Paul Simmonds, speaking to Lisa Kelly in this week's definitive guide to security:

“Data leakage prevention (DLP) is being hyped and everyone is trying to flog it. Established vendors are tweaking existing products to DLP, while there are a whole bunch of start ups selling it. But vendors are always telling you that you have a big problem and they will solve it for you."

Simmonds has certainly got solution-obsessed vendors down to a tee. But what's all this about DLP? “We have always done DLP at ICI," says Simmonds - breaking the unwritten rule of no more than one TLA (three letter acronym) in a seven word sentence. That's 'unwritten' as in 'made up just now by me', by the way.

With regards to DLP, Simmonds says his company uses the classic 80/20 rule - 80 per cent of security is about people, processes and procedures, and only 20 per cent is about technology.

It sounds like a winning strategy. Especially as in next week's definitive guide, Freeform Dyanmics analyst Jon Collins says:

"IT leaders need to consider risks caused by their own employees, be they through malice or stupidity. Internal workers have always posed the biggest threat to computer systems - even before product categories, such as DLP, were posited."

Apparently, some vendors also refer to DLP - stay with me, here - as information leak prevention (ILP) and extrusion prevention (EP). Basically it's about putting the right security processes and systems in place. So, for DLP (or ILP and EP) read best practice through a bunch of tools and policies.

Simmonds is right to be wary about the the so-called latest security trends - but weary seems an even more appropriate sentiment, I think.

Further reading

Want to subscribe to this blog? Click here for the options

Want to contact the writer? Email Mark Samuels

Posted at 01:07 PM in security, software, strategy |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/1105496/28003736

Listed below are links to weblogs that reference Data leak prevention is just security best practice :

Comments

Post a comment

If you have a TypeKey or TypePad account, please Sign In


Contacts

Recent Posts

Recent Comments

Computing blogs

Archives

Categories

Powered by TypePad
© 1995-2006 All rights reserved