Data leakage prevention (DLP) has been heavily marketed as analogous to intrusion protection and a key element of any organisation’s threat response management environment. In spite of international regulation, continued vendor surveys demonstrating the risk of data breaches, and close media scrutiny of public and private organisational data handling, adoption of DLP solutions remains poor. In February 2009, Longhaus surveyed 110 senior business decision makers from Australia’s medium to large enterprises and found that only 34% had implemented any form of DLP. Today there is little doubt that increasing interest in Software-as-a-Service (SaaS) and cloud computing will erode the traditional barrier or perimeter of the enterprise. This will put further pressure on organisations to address data-level access control. However, through briefings with key security vendors including CA, Symantec, Websense and ClearSwift, Longhaus concludes that the continued association of DLP with perimeter-oriented protection and security strategies undermines the real value of these solutions. When used proactively to monitor the movement of data, DLP solutions can provide the means to discover and document the key relationship between business process and data within the organisation. Such information is invaluable when determining areas for process improvement and increased efficiency beyond mere compliance.
