Unfortunately, there are a variety of ways that data can still sneak out the door unfettered, leaving your organization open to regulatory compliance and legal issues -- not to mention the potential harm to your organization's reputation which can substantially and negatively affect your bottom line.
That being said, I recently took a look at McAfee's newest offering in the desktop DLP space and I'm impressed. Regardless of the method I tried to use to remove data off the host, McAfee DLP stopped me every time.
Of course, good data protection requires that you first identify and quantify your sensitive data. McAfee DLP's management console has a number of prebuilt templates that allow sensitive data types (like the nine-digit Social Security number) to be easily locked down so that they don't escape from your enterprise.
While DLP is all about making sure data stays safe and secure, McAfee's product is somewhat limited by its focus on the endpoint. It still leaves data vulnerable in all of its other potentially exposed locations -- since it's host based, it can't protect network, servers, databases, and so on. Nevertheless, McAfee DLP does what it says: it keeps data from leaving the desktop.
While I haven't had a chance to take a look at it, McAfee Data Loss Prevention Gateway is a way to mitigate the shortcomings of the endpoint. The DLP gateway is policy based and can manage endpoint deployments for a more comprehensive data loss prevention solution.
Available: Now
Pricing: Approximately $79 per seat
Verdict: Organizations looking to stop the potential or existing loss of critical data need to look at McAfee's host-based DLP solution. While the product does require a desktop agent, this data loss product can protect your enterprise from costly and embarrassing theft and unintentional disclosure. It's a good first step, but remember that desktop lockdown only stops those using your existing endpoints and does nothing to stop data moving out of your organization from other locations and origins.