Only three security vendors—Symantec, Websense and RSA (the security division of EMC)—landed in the upper-right square of Gartner’s data loss prevention magic quadrant. But that really doesn’t matter if you listen to what Gartner’s own analyst say about the DLP technologies and strategies.

More than a dozen software and cloud services vendors offer DLP solutions, and every one of them promise to monitor network traffic to ensure that a company’s most sensitive information is not intentionally or inadvertently released to unauthorized parties.

>> Click here to check out TOP SOURCES OF DLP SOLUTIONS <<

The truth is DLP technology doesn’t deliver on that promise - at least when you’re talking about data in the general sense. DLP is improving and increasingly proofing effective at providing the disclosure of specific pieces of data, such as account, credit card and Social Security numbers.

Holding back DLP effectiveness is the lack of data protection strategies in end user organizations. In a report by IDG News Service, Gartner security analyst Paul Proctor advocates to end users to develop their own data protection goals and strategies before talking to vendors. Vendors, he argues, are pushing immature products with poorly defined architectures and policies that are ultimately ineffective in organizations that aren’t prepared to use them.

Proctor, a well-known security expert, dispensed this advice at the Gartner Security Summit in London. He prescribed a series of steps end users should take to develop a strategy before even looking at DLP products. Those steps are:

1) Define data by types and where it resides.
Types of data could include financial, human resources, research and development, contract and legal, etc. Data residences include various storage media and locations, physical office locations, and third-party hosting facilities.

2) Define user and application actions that involve data
This means identifying which users and applications need to touch data and what might happen to that data, including interdepartmental transmission, transmission outside the corporate boundaries, copying, printing, and cutting and pasting.

3) Identify and define policies and exceptions for handling data
This includes creating policies around who can access, modify and transmit each data type, requirements for transmitting data between departments and with third-parties, and what media can be used to store and transmit data.

Proctor is correct that these are the correct steps that end users should take in developing a data protection strategy. And, he’s equally correct in his statement, “"A lot of people have deployed a sort of DLP for simple requirements, like protecting credit card data. But that isn't enough -- they need to protect all data including their valuable intellectual property." However, this should not preclude end users from engaging with providers of DLP solutions in developing a strategy.

Providing guidance on how to develop a data protection strategy that best meets an organization’s needs is a tremendous opportunity for solution providers. By approaching DLP from a consultative vector, a solution provider should discuss with clients their threat exposure, past incidences, security costs, business objectives, interaction with third-parties and data sharing and collaboration needs. This will provide the solution provider with tremendous insights into how a business perceives its risks and what it will take to provide appropriate levels of security. In this equation, technology never will be a part of the first conversation and may not even come up until the third or fourth meeting.

Gartner ranking of DLP vendors is based on their assessment of vendors ability to deliver and implement an effect solution. What Gartner doesn’t take into consideration is the partner ecosystem that provides the consultative, design, implementation and support services. Solution providers that engage in data protection consultative services will be able to recommend the systems that best suit the customer’s requirements. This approach will build value in the eyes of the customer and, potentially, provide solution providers with exposure to greater opportunities.