After a long gap that included much travel, it is time to pick up on my previous TJX post.

But first I got distracted by a post around DLP by Richard Stiennon (Don't think that data leak prevention technology will stop leaks - http://www.networkworld.com/community/node/28864) and Mike Rothman's response to this  (What? Data leak prevention actually stop leaks? http://securityincite.com/blog/mike-rothman/the-daily-incite-june-17-2008 )  is as usual interesting.

I see huge benefit to data protection if it can be pragmatic and cut down on big risk items. The problem usually is with expectations - that we expect a zero data risk. This is a complete fantasy which will always end up the way fantasies end - with a rude awakening or usually by taking it out on vendors.

This thread also led me to the question of what really IS an effective data protection technology? As a first step to this, I began to classify key data protection technologies such as DLP, DAM, etc. in terms of where they sit and what attacks are visible to them. The next question was how effective were these technologies in terms of cost and manageability? This led me to develop a framework which can rank protection technologies in terms of both risk and cost. I will describe this framework in the next post.

Stay tuned.