IT chiefs shun anti-leak tools

Data loss prevention technology criticised as too costly and complex

IT chiefs are shunning data protection technologies despite the risks because they are perceived as too complex and do not deliver a clear return on investment.

That is the conclusion drawn by analyst Ovum, which has been studying data loss prevention (DLP) technology uptake.

"Both public and private sector organisations have compelling reasons to protect their sensitive data, such as the potential for financial losses and regulatory requirements," said Andy Kellet, analyst at Ovum. "DLP solutions are widely available but, despite this, enterprise uptake levels remain relatively low."

IT decision makers regard the technology as too complicated and expensive to deploy and support, with a return on investment that is far from compelling.

But much of the complexity associated with DLP can be traced back to the data classification process it is necessary to undertake before deploying the technology, said Rik Ferguson, solutions architect at security firm Trend Micro.

Firms have to audit and classify their data in order to understand the value that data holds and what access rights should be assigned to it, said Ferguson.

"But there is real business value in having that insight into your data that goes beyond its use in DLP deployments," he told Computing.

Frequently, DLP was deployed when the IT function was in firefighting mode, added Ferguson, such as in the aftermath of data loss.

If it is deployed after firms have conducted a risk assessment of their data, there is a far higher chance they can understand the business value of protecting critical information and budget for DLP appropriately.

Last month, security vendor Symantec reported that the average data breach incident cost UK businesses £1.9m in 2010 - a 13 per cent increase on 2009.