How to Evaluate DLP Solutions: 6 Steps to Follow and 10 Questions to Ask
Evaluating and selecting a new solution is always an undertaking, but following a standard framework and criteria set for each solution you’re considering will help simplify the process. Part 10 of our "Definitive Guide to Data Loss Prevention" series provides six steps and ten criteria to guide this process.
Once you’ve identified your data and determined the right approach to your DLP deployment, it’s time to begin the vendor and solution evaluation process. Choosing the right DLP solution for your company can be overwhelming; each potential vendor must be properly evaluated in order for your team to make an educated purchasing decision. Fortunately there are frameworks that can help guide the evaluation process. Here are six steps that we commonly see companies take before investing in a DLP solution:
- Research initial vendor set: Hundreds of vendors offer some form of data protection. We recommend identifying and applying a set of filters to narrow down the choices. Identify whether the vendor supports all of your operating environments. A guide used by many organizations is the Gartner Magic Quadrant report for Enterprise DLP. Peer research is a valuable source of information.
- Make a plan before you reach out to vendors: After you create your short list, it is time to contact the potential vendors. Have a list of use cases or critical business needs. This process can be as structured as you need it to be in order to satisfy your internal organization.
- Consolidate responses: Gather the key stakeholders and try to build consensus around which vendors are best fit to solve your problems.
- Narrow choices down to two vendors: Based on RFP scores or rankings, you should be able to eliminate all but two vendors that can be engaged for an onsite presentation and risk assessment.
- Conduct pilot tests: Request pilots from both vendors, or from the finalist as selected from onsite meetings.
- Select, Negotiate, and Purchase: After pilot testing has ended, take the results to the selection team. Begin negotiating with your top choice.
DLP Vendor Evaluation Criteria
The first step in vendor evaluation is the most important. Security teams should conduct in-depth research on all vendors that they are considering in order to identify the best fit. In the end, your environment determines which of the four DLP variants (endpoint, network, discovery, or cloud DLP) you should deploy.
Here are ten questions you should ask while doing your evaluation:
- Breadth of Offerings: Are network, endpoint, cloud, and discovery all offered from the potential vendor?
- Platform Support: Are Windows, Linux, and OS X all supported with feature parity?
- Deployment Options: Are on-premises or managed options offered?
- Internal and External Threats: Do you need to defend against one or both?
- Content vs. Context: How do you intend to perform data inspection and classification?
- Structured vs. Unstructured: What types of data are you most concerned with protecting?
- Policy Based vs. Event Based: How do you plan to see and enforce data movement?
- Technology Alliance Partners: What parts of your ecosystem do you wish to integrate with your DLP?
- Timeline: How quickly do you need to be operational?
- Staffing Needs: What additional, if any, staffing will the solution require?
With the right DLP solution, your company will be able to protect its sensitive data from evolving threats. For additional criteria to consider when choosing DLP software, check out our Definitive Guide to Data Loss Prevention eBook:
Learn more about DLP:
- Do you need DLP? Well, do you feel lucky?
- The Evolution of DLP: 4 Reasons Why DLP is Back in the Limelight
- Debunking the Three Myths of DLP
- Call it a Comeback: 7 Trends Driving the Resurgence of DLP
- All Trends Lead to Data-Centric Security
- What is Driving Your Data Protection Agenda? Determining the Right Approach to DLP
- Building a Value-Based Business Case for DLP
- Positioning DLP for Executive Buy-In
- 5 Criteria for Choosing the Right Managed Security Services Provider (MSSP)
- Getting Successful with DLP: Two Approaches for Quick DLP Wins
- Two Frameworks for DLP Success