The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

How to Evaluate DLP Solutions: 6 Steps to Follow and 10 Questions to Ask



Evaluating and selecting a new solution is always an undertaking, but following a standard framework and criteria set for each solution you’re considering will help simplify the process. Part 10 of our Definitive Guide to Data Loss Prevention series provides six steps and ten criteria to guide this process.

Once you’ve identified your data and determined the right approach to your DLP deployment, it’s time to begin the vendor and solution evaluation process. Choosing the right DLP solution for your company can be overwhelming; each potential vendor must be properly evaluated in order for your team to make an educated purchasing decision. Fortunately there are frameworks that can help guide the evaluation process. Here are six steps that we commonly see companies take before investing in a DLP solution:

  1. Research initial vendor set: Hundreds of vendors offer some form of data protection. We recommend identifying and applying a set of filters to narrow down the choices. Identify whether the vendor supports all of your operating environments. A guide used by many organizations is the Gartner Magic Quadrant report for Enterprise DLP. Peer research is a valuable source of information.
  2. Make a plan before you reach out to vendors: After you create your short list, it is time to contact the potential vendors. Have a list of use cases or critical business needs. This process can be as structured as you need it to be in order to satisfy your internal organization.
  3. Consolidate responses: Gather the key stakeholders and try to build consensus around which vendors are best fit to solve your problems.
  4. Narrow choices down to two vendors: Based on RFP scores or rankings, you should be able to eliminate all but two vendors that can be engaged for an onsite presentation and risk assessment.
  5. Conduct pilot tests: Request pilots from both vendors, or from the finalist as selected from onsite meetings.
  6. Select, Negotiate, and Purchase: After pilot testing has ended, take the results to the selection team. Begin negotiating with your top choice.

DLP Vendor Evaluation Criteria

The first step in vendor evaluation is the most important. Security teams should conduct in-depth research on all vendors that they are considering in order to identify the best fit. In the end, your environment determines which of the four DLP variants (endpoint, network, discovery, or cloud DLP) you should deploy.

Here are ten questions you should ask while doing your evaluation:

  1. Breadth of Offerings: Are network, endpoint, cloud, and discovery all offered from the potential vendor?
  2. Platform Support: Are Windows, Linux, and OS X all supported with feature parity?
  3. Deployment Options: Are on-premises or managed options offered?
  4. Internal and External Threats: Do you need to defend against one or both?
  5. Content vs. Context: How do you intend to perform data inspection and classification?
  6. Structured vs. Unstructured: What types of data are you most concerned with protecting?
  7. Policy Based vs. Event Based: How do you plan to see and enforce data movement?
  8. Technology Alliance Partners: What parts of your ecosystem do you wish to integrate with your DLP?
  9. Timeline: How quickly do you need to be operational?
  10. Staffing Needs: What additional, if any, staffing will the solution require?

With the right DLP solution, your company will be able to protect its sensitive data from evolving threats. For additional criteria to consider when choosing DLP software, check out our Definitive Guide to Data Loss Prevention eBook - start reading now, no registration required.

Read more in our Definitive Guide to DLP Series

  1. Do you need DLP? Well, do you feel lucky?
  2. The Evolution of DLP: 4 Reasons Why DLP is Back in the Limelight
  3. Debunking the Three Myths of DLP
  4. Call it a Comeback: 7 Trends Driving the Resurgence of DLP
  5. All Trends Lead to Data-Centric Security
  6. What is Driving Your Data Protection Agenda? Determining the Right Approach to DLP
  7. Building a Value-Based Business Case for DLP
  8. Positioning DLP for Executive Buy-In
  9. 5 Criteria for Choosing the Right Managed Security Services Provider (MSSP)
  10. How to Evaluate DLP Solutions: 6 Steps to Follow and 10 Questions to Ask
  11. Getting Successful with DLP: Two Approaches for Quick DLP Wins
  12. Two Frameworks for DLP Success

Nena GiandomenicoJuliana de Groot

WHITEPAPERS

The Definitive Guide to Data Loss Prevention