With all the recent news about acquisitions in the DLP space, I'm unsure if now is the time to select a solution or if I should wait. How can I tell the right time to get into DLP?

The decision to invest in Data Loss Prevention (DLP) should be based on how ready you are as an organization, not the internal wranglings of a young market in the midst of a growth spurt.

I like to describe DLP as an adolescent market- it's one that provides high value even though the market and the solutions aren't as mature as some other areas of technology.

The real decision to invest in DLP will be based on your organization's maturity, not that of the market. All of the leading solutions today provide enough value that I think they're ready for deployment. What I tend to find when working with clients is that to get the value of their DLP investment they need to prepare as an organization.

DLP solutions aren't like many other security tools that operate, for the most part, outside the business. Not only does DLP protect sensitive data that needs to be defined by the business, but the policies on how that data needs to be managed and the workflow for handling policy violations all needs to be a partnership between security and the business units. Also remember that DLP solutions will stop some malicious attacks, but are more for preventing accidental disclosures and identifying bad business process. You need to answer questions like:

* What content do we need to protect?
* How are people allowed to use it?
* How do we want to manage policy violations?
* Should we involve HR? Or Legal?
* Who will be responsible for handling and investigating violations?

Investing in DLP is similar to the decision to have children- you'll never feel like you're ready. But unlike procreation, you can dip your toes into DLP to determine your readiness without any cost.

Nearly every DLP provider will come in and to a "risk assessment" where they deploy the product in a monitoring mode for a few days and present you with a report of what you've seen. If you're seriously considering DLP, pull together the main business units with a potential stake- HR, legal, finance, and IT are typical, bring in one or two vendors, and see what kind of results you get. Pull everyone together in one room, review the results and you'll quickly understand if you're ready to deploy DLP or not.