Overall Satisfaction with Digital Guardian Platform
DLP is one of those categories of software that didn't even really exist a decade ago. In today's world, it has become a very important software category for many companies, especially any company that has IP or PII that they don't want to be leaked. We use Digital Guardian on all of our Virtual Desktops, as well as all of our laptops and desktops. This helps make sure that users are not able to exfiltrate sensitive data from the company, for any number of reasons.
- Email data leaks - DLP software must prevent certain actions to work well. Let's say you try to copy and paste an SS # to an email, or upload sensitive data to your personal email account. Guardian Edge can prevent that, and then alert administrators that it happened
- Unauthorized file copies - Guardian Edge can also prevent users from copying files from a sensitive restricted area to somewhere else where they might be able to more easily exfiltrate it. A good example would be from a company file share to a less secure server or their own home drive
- Alerting Administrators of suspicious activities - Any time a user uploads a file to an upload service or personal email, it is logged and reported as an event to be reviewed. If it found nothing in scanning the data, it will still notify you that it happened so you can review it yourself to confirm it wasn't a false negative.
- Program Conflicts - DLP software can often cause undesirable effects in programs, and Digital Guardian is no exception here. We had substantial issues with it locking up Microsoft Outlook and Microsoft Excel.
- Excessive false positives - If you don't tune the software properly, you may end up reviewing a lot of non-critical items, and that can lead to lots of extra admin time for fairly benign occurrences.
- Frequent program updates - Digital Guardian issues hotfixes and patches for their software frequently, and often times those updates will fix one problem, but cause another problem
- Reverting to older versions - We frequently had to revert to older versions after testing a fix for an issue, because the new fix would break something else. This became very frustrating to end users, administrators, and management.
- Lost work hours - We lost lots of work hours due to admins having to troubleshoot program issues, and also manually remove DG agents from machines so that users could get back to work.
- No DLP protection because we had to mass uninstall it - We ended up pulling DG from our entire environment because of the problems it caused with Excel and Outlook. DG acknowledged this was absolutely their fault, but it took them quite a while to issue a fix, and the first several did not actually resolve the problem. We simply did not have the time or patience to beta test their software for them. As a result, our users have to run with no DLP protection, just so they can actually work.
- Negative perception of IT - DG actually ended up giving the IT Department quite a black eye. Users were nervous any time we mentioned we were doing software maintenance or patching, because they were fearful that some new problem was going to be introduced and they wouldn't be able to do their jobs. It has taken time and many hours to repair that trust.
DG is the only DLP platform I've used at my current employer. I used it at my previous employer as well, and we ended up abandoning future deployments of it due to many problems caused by it, especially with web browsers. This was in 2015, rather than the 2018 version I used with my current employer, but I feel it still warrants mentioning. DG works great...when it works. When it doesn't, it's a disaster.