What makes DLP so hard?

摘要

At my university we have a mandate to deploy data loss prevention - DLP - but we are finding it quite a challenge. Why? Do other organizations have the same difficulty? The problem, actually, is not DLP, it's data classification. Without data classification you cannot get to DLP. And data classification might be the most difficult security task any organization undertakes. The reason is simple, though the problem is not. Nobody likes to take ownership of data that they must share with others. This is a perceived issue of responsibility without control, and it is not, of course, unique to this venue. There are two phases in data classification for most organizations: legacy data and new data. New data is the easiest. There are several products available for assigning a classification at the time the data item is created. Oddly, most people don't seem to mind that. Odd, that is, when taken with the reluctance of most to take ownership of legacy data.