Information Stewardship versus Data Leak Protection

Data loss protection technologies and solutions have basically failed to prevent data leakage and data theft. Companies need a foundation based on information stewardship which is defined as: "The willingness to be accountable for a set of business information for the well-being of the larger organization by operating in service rather than in control of those around us." Basically, stewardship is all about taking care of property that is not your own. Information stewardship combines good governance techniques with best practices and disaster recovery to improve the resiliency to loss of data.

Implementing a data leak protection program, software or solution without also implementing an information stewardship program is like protecting your money by putting it under your mattress or in a coffee can. You need to protect your information like your money:

  • Store it somewhere secure.
  • Mark it so you know its value.
  • Have policies that govern how your money is moved.
  • Protect it against theft.
  • Advertise the impact of transgressions. (In other words, if information is valuable - like money - then you need to be prepared to terminate, suspend, penalize or prosecute transgressions)

There's no sense in just hiring a security guard to watch your mattress if you only $100 under it. You need a comprehensive information stewardship strategy.