GigaOm Key Criteria for Evaluating Data Loss Prevention (DLP) Solutionsv4.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Executive Summary
  2. DLP Sector Brief
  3. Decision Criteria Analysis
  4. Analyst’s Outlook
  5. About Paul Stringfellow

1. Executive Summary

Data is a precious resource for today’s enterprises, and preventing data loss is of paramount importance. The cost of data loss is significant, and its impact wide-ranging: it can be technical (with loss of services impacting operations), reputational (impacting relationships and future business opportunities), and/or financial (both loss of business and regulatory fines).

At the same time, organizations can’t just lock their data away. Data needs to be available in the right location at the right time. It must be portable and remain available for both internal use and external collaboration. However, each location where data must be available is a potential vector for data loss.

The amount of data held by organizations and the complexity of managing and securing it pose a major challenge. To reduce risks to data, organizations must focus on three areas: appropriate data usage policies, awareness training for their employees, and technology to help enforce data policy and secure data. Data loss prevention (DLP) solutions offer technical assistance to help effectively enforce data governance and security.

Business Imperative
The possibility of data loss presents a high risk to an organization, and the loss of data is likely to cause significant impact. Organizations that lose sensitive data run the risk of commercial loss as intellectual property becomes public knowledge, and reputational damage caused by leaks of sensitive internal information and/or just bad publicity. The loss of data also carries the threat of punitive action in the form of fines for regulatory violations and, in the worst cases, litigation against those who are responsible for an organization’s data.

Therefore, the diligent IT leader must ensure their organization is aware of the risks of data loss and its impacts. But they must also have a plan to address it. Organizations must understand the potential risks, the impact of failure to address those risks, and the costs associated with that impact versus the cost of addressing it. The costs of losing data through a breach are well publicized and often enshrined in regulations that compliance teams deal with.

Adopting a DLP solution is not a trivial task, however, and IT leaders must be aware these are not projects that should be driven solely by IT teams. They must include business-wide stakeholders because the responsibility for data and its security is a whole business issue. Therefore, it is essential IT leadership work closely throughout the business to ensure buy-in from the board level to new hires. Those tasked with risk management—legal and governance teams—and those in more formal data-focused roles, such as data protection offices, should all play an active part in DLP deployment.

When it comes to deploying an effective DLP program, IT leaders must consider:

  • How the DLP solution will be adopted within the organization: Processes must be well defined and users educated about the risks and approaches to mitigating them.
  • How it will work within existing operating practices: Solutions need to improve accuracy in identifying data loss risk and deal with emerging threats such as the proliferation of generative AI tools.
  • How it will integrate with existing tools: Solutions need to cover all potential data repositories and threat vectors.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a DLP solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a DLP solution, we provide an overall Sector Adoption Score (Figure 1) of 4 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a DLP solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for DLP are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating DLP Solutions

Sector Adoption Score

1.0

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for DLP

This is the fourth year that GigaOm has reported on the DLP space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective DLP solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading DLP offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.