I had previously talked about avoidance as the best remedy. I went so far as to say at an InfoWorld conference that “data protection is a contradiction in terms” and was consequently the object of several harsh rants. However, they didn’t get my point at all, which was that once data have been distributed, copied and stored in many locations, it is too late to protect all the data. Therefore I reiterated a basic tenet of security, namely, making available only data that are needed. That way the problem is not actually resolved, but the magnitude of the problem will be substantially diminished.
My next thought was that reducing the quantity of data should be accomplished “upstream.” And then I had a “eureka moment”! When you construct a dam, isn’t it always built upstream – nearer the source of the river than the mouth or estuary? Why might this be? It is obviously because the river valley is narrower upstream, so that the dam can be shorter, lower and cheaper, yet still accomplish what has to be done, which is usually generating electricity and/or regulating the availability of water for irrigation purposes. If you tried to build a dam at the mouth of a river it would have to be huge and completely cost prohibitive and it wouldn’t be useful.
So it is with DLP. Today we are typically trying to prevent even the smallest leak from this huge unmanageable sea of data. Quite frankly, it’s impossible. The only hope we have is to stop it as near to the source as is feasible.