So if we take it as a given that CIOs need to begin investing in DLP solutions, what should they be looking out for from vendors? In other words, what should a decent DLP solution be made up of?
"There are a number of components which are important. The first, and probably the most important, is setting some parameters for how data is classified," says Nicolai Solling, Director of Technology Services, help AG. "The other requirements are more technical and deal with how well classification of data is performed, and then finally how well data is enforced."
Muhammed Mayet, CTO, Security, Dimension Data MEA, says that a good solution begins with identifying and prioritising data within the business.
"Once this has been done, the business has a better understanding of the level of sensitivity and confidentiality of the data that lives within the business," he explains. "The choice of technology needs to be appropriate for the business, taking into account network DLP (data in motion), endpoint DLP (data in use), and file or storage DLP (data at rest). Also key is the integration between the DLP technology and the existing ICT infrastructure."
Another thing to ask vendors is whether or not their solutions cater for BYOD, a trend sweeping the IT world that shows no signs of going away. Of course, having company data on a personal mobile device is a risk in itself, so can DLP solutions return an element of control to network managers?
"The questions of where mobility fits into a DLP policy is a great one," asserts Gartner's McMillan. "Some DLP platforms now support mobile devices, but this is still relatively new. However, it is certainly an emerging space and many vendors are developing solutions."
Of course, even once a CIO finds a good DLP solution, and decides that it would fit perfectly into the company's infrastructure, there's always the matter of justifying the expense to the CEO and CFO. Mayet says, "It is critical that any proposed DLP solution has the support of key stakeholders that own the affected data."
But according to Haroon Iqbal, Sales Manager, WatchGuard MEA, it shouldn't be a problem convincing these stakeholders, as the costs of implementing a DLP solution should be justifiable.
"The costs for a good DLP solution depends on the amount of security needed, which can vary according to the amount of sensitive data a business needs to secure, the critical nature of that data, the size of an organisation, number of employees, and the specific work style of that organisation," he says. "The question to ask is not the cost of DLP, but the cost of data loss, and that will help put the investment in perspective."
Sign up for CIO Asia eNewsletters.