Wednesday, January 4, 2012

Can DLP be done right?

Okay, I know DLP (Data Loss Prevention) is a huge undertaking, but can it be done right? I think far too many companies walk into DLP projects and think they're going to plug in a magic box that will keep them safe. WRONG!

I'm really for DLP, don't get me wrong, but it's gotten a bad rap over the past couple of years that's not entirely its fault. What you hear people say the most is that there are too many false positives.

First off, did you take the time to sit with your business units and verify what data they're using? Probably not. Did you let it run in passive mode, take the reports back to your business units, and show them what it would have blocked? I hope so.

These two things are done sometimes, but in order to get a jump start on your DLP project you need to know where your data is, what it is, and who has access to it. The classification piece is so essential.

The DLP solution is going to do its job, block data, and it's going to do it well, but you need to do the legwork in knowing what the data is and who's using it. If you don't want to put in a lot of time up front, you'll put in a ton of time on the back end, and eventually it will end up as shelfware.

That's all.

