Chicago (Midwest) Data Loss Prevention User Group

Would you like to know how your organization compares to other Symantec DLP customers?
 
Symantec DLP Product Management will soon be conducting a customer Benchmarking Survey and we need your help constructing this survey in a way that is useful to you.  The purpose of this web survey is to collect general data on customer DLP deployments, such as number of employees working on DLP, products installed, industry, response rules enabled, etc.  We’ll then take the responses, anonymize them and summarize the data in a report made available to our DLP customers free of charge.  If we have enough respondents, we hope to provide response summaries by industry.
 
Since the purpose of this survey is to provide benefit to our customers, I am collecting suggestions for questions you’d like to see included in the survey.  I’ve included some suggested examples below and you can comment here or message/email me directly by July 30^th with your nominations.  I am targeting 30 questions in total to encourage wide participation, so please be understanding if your suggestions are not included in the survey. 
 
Examples:
How many people manage DLP policies within your organization?
How many people process DLP incidents within your organization?
How many servers are in use for your DLP production application?
Which DLP products do you have installed?
Which response rules (blocking/quarantine) are enabled in your environment?
How many emails do you process in a day?
 
To reduce the sensitivity of the responses, the survey will be accessible via SSL and all questions will be optional and will be more general in nature.  We will be destroying the survey responses once we’ve created the summarized results report.
 
Once the survey questions have been finalized, we’ll post a link to the survey on SymConnect DLP Customer Group to facilitate participation.

Thanks,
Ben Rohrs
DLP Product Manager
ben_rohrs@symantec.com

Just a reminder to submit your Benchmarking Survey question suggestions by EOD Friday.

Thanks,
Ben

Ben, here are some I'm thinking of.

1.  Do you publicize the fact that you're monitoring employees communications and web page accesses?
2.  Do you use prevent if so is it set to deny certain activity or to allow it if the user says they want to proceed with the activity and log?  (Ben I'm hoping you've got a better way to phrase as I can't remember the two modes specifically)
3.  How many monitors do you have deployed?
4.  Is your deployment global and if so in how many countries are you deployed?
5.  How many analysts do you have reviewing incidents detected through your Symantec Monitor?
6.  Do you feed Monitor events into a SIM and correlate with data from other systems?

I think this is a great idea to canvas the various user community.  I would love to see the results of the questions responded too. 

Do you use prevent/block with the transferring of data to unsecure CD or USB Thumb Drives?
Do you allow the copying of data to encyrpted thumb drives?
Are you using the Discover tool to detect where PII data is stored?
Are you using the Deiscover tool to detect where PCI data exists?
Would you like to participate in a User Group Meeting that talks about DLP?

For DAR scans, what is your incident density on file shares? sharepoint? exchange? web? e.g. # of incidents per # of files scanned.

For DIM, similar metric - # of incidents per # of emails or web hits.

How many incidents do you carry on your production Vontu DB.