DLP User Notices Too Crude

When a data leak prevention product tells you you're contravening policy, chances are you get a message like: "Policy violation: You're trying to send sensitive material to someone who shouldn't receive it."

This may be alright for simple policies. But, in general, users need more specific information about what's gone wrong, because many different circumstances can cause a filter to be triggered. For example, they may need to be told that the problem is that they're trying to send out personal financial information, or that balance sheet information cannot be sent to such-and-such external email address.

The ability of DLP products to explain themselves in this way is crude today. Five years hence, it will have to be much better. Vendors will invest substantial efforts to allow their products to be more self-explanatory.

Note: It's also true that sometimes you don't want to give users the full reasons they got caught. So you don't make it easy for the bad guys to subvert the system.

... David Ferris

Post a comment

You must be logged in to post a comment. To comment, first join our community.