Yesterday, 2nd September 2010, John Stringer, the DLP product manager at Sophos, did a guest post on Graham Cluley’s blog. The aim of the post was to explore how Sophos’ Data Loss Protection (DLP) technology can help companies tackle Information Rights Management. I wanted to comment on that post, but found comments were not allowed. The disadvantage of having a blog that does not allow comments, especially if you sell products and services, is the perception of a closed or insular company that wants to tightly control everything that is being said. I owe it to my audience to be able to comment on my posts, especially if they don’t agree with what I have written. Moreover, if I sell products and services it is a great opportunity to get feedback from my customers. I am disappointed that comments were not allowed on this blog. However, this does not take away from what Graham has achieved through his work.
Anyway, back to the content of the post. John, in his guest post, commented on only allowing files protected by Oracle IRM to be copied to external media. The question I would have liked to ask is: does this mean that data that is already out there in the public domain would have to be protected by IRM before it can be copied to external media? What about data classification leading on to context-sensitive DLP, to ensure that if a document contains certain words it is automatically protected by IRM before it is copied to external media? Is this not a superior approach among other possible approaches?
The approach that Sophos DLP has demonstrated in this post is not to be recommended to clients because it will simply infuriate and frustrate users as they are forced to protect a file with IRM that in the real sense is unnecessary. Unless Sophos have some other tricks up their sleeve not shown in the post, I do not see how this will be acceptable to users.
It will be interesting if Sophos, Graham Cluley or John Stringer are monitoring what is being said about them on the web. My blog comments are open to anyone and everyone.