Educating end-users to supplement DLP
John Meakin, group head of information security at Standard Chartered Bank -- a global concern with more than 1,600 branches and 60,000 employees -- said that he chose to buy Workshare's Protect applications to carry out his DLP strategy because of their direct ties into Office.

For DLP to work on a practical and philosophical level, he said, it must be intertwined with other security and information management technologies in such an innate and ubiquitous fashion.

"Having the integration with the information rights management features in Office was a key determinant in our decision making," Meakin said. "Some vendors are selling tools that are all about matching patterns and locking down certain data types. The reason we didn't think that approach by itself was sufficient was because there is so much data that falls out of the known patterns. Tt's like anti-virus: Once in a while there's a new virus never seen before, and users can make decisions we can't predict."

At its essence, the executive said that DLP should be less about blocking certain types of data from leaving the network than it should be about keeping workers constantly aware of the sensitivity of the information they access.

"It's less about what they try to do with it, like copy it to a USB drive or push it to Web applications, that's certainly part of it, but the most important thing is managing a dialogue with users and putting tools at their disposal that allow them to interact in a way that is fundamentally more secure," he said. "Only then have you really begun to solve the problem."

Yet, at the same time that he is looking for integrated DLP technologies, Meakin said he's unsure that the efforts of major IT platform providers to integrate the technologies into their products will sufficiently address the problem.

Buying-up smaller technology providers simply because DLP appears to fit in with some element of their business won't necessarily allow the major vendors to offer the right breed of product integration for enterprise customers, he said.

"I don't see any of the acquisitive vendors trying to build an integrated approach yet, or doing so convincingly; the problem is we are all immature in trying to address the issue of DLP in general," said Meakin. "I don't think this whole market is mature enough yet for these acquisitions to make someone like me think that any of these solutions being sold under an integrated banner are something close enough to a silver bullet."