Dark Reading's December 21, 2009 article, 4 Factors To Consider Before Firing Up that DLP Solution provides welcome insight into the administration requirements of DLP systems. Too often, the press just hypes the latest security solution types (think NAC in 2006 and 2007; where is Cisco's TrustSec?). While DLP is surely not new, this type of article is still refreshing.
The four factors described are:
- Policy – Initial creation and/or customization, ongoing modification
- Data Discovery – Initial and ongoing configuration of data identification algorithms
- Integration – e.g. ICAP, email, encryption
- Administration – Alert Adjudication
The article says that the amount of administrative work is a function of "the size of your organization and the level of deployment." I would add a third – the product you select.
Actually, all security products require at least Policy Management, Integration, and Alert Adjudication. Therefore when considering adding a new security/compliance solution type, review your overall security/compliance portfolio and consider consolidation opportunities as a way to control administration costs.
While the major security vendors have been acquiring and integrating additional functionality for years, start ups have been coming to market with innovative approaches to unifying functions designed and built from the ground up. Next generation firewalls, as described by Gartner, comes to mind.