Data protection fueled by data leakage prevention products and services

By Neil Roiter, Senior Technology Editor 30 Jul 2009 | SearchSecurityChannel.com

Security Channel Update Digg This!     StumbleUpon     Del.icio.us

Data leakage prevention (DLP), driven by security and compliance, is drawing a lot of attention and generating sales. Solution providers can look forward to growing interest in gradual enterprise rollouts of these complex products, as well as simpler email-specific DLP products. SMB DLP products are also gaining traction for smaller organizations with relatively straightforward data-monitoring requirements.

Enterprise DLP products (also referred to as data loss prevention) can be deployed throughout an organization to discover and classify sensitive data, monitor for unauthorized outbound egress and take appropriate action to prevent data leaks. That could mean notifying a user that he or she is violating policy, encrypting an email message containing sensitive data or even blocking a transmission altogether.

Any attempt by a company to run a 'DLP everywhere' type of project results in death by 1,000 cuts Mark Nicolett vice president and distinguished analyst, Gartner Inc

Cambridge, Mass.-based Forrester Research Inc. predicts record sales in 2009. Companies have started pilot programs that often focus on the most urgent use cases, such as detecting and stopping outbound transmissions that contain unencrypted credit card numbers.

"DLP is pretty well set up to go after structured data," said Forrester senior analyst Andrew Jaquith. He said the DLP market's "sweet spot" revolves around protecting sensitive customer data.

However, Jaquith said most deployments are limited, and enterprise-wide rollouts are still rare.

"Any attempt by a company to run a 'DLP everywhere' type of project results in death by 1,000 cuts," said Mark Nicolett, Stamford, Conn.-based Gartner Inc. vice president and distinguished analyst. "Because when broad-scale monitoring is turned on everywhere, the organization running the project quickly becomes overwhelmed chasing down hundreds of individual situations, trying to understand if the data movement was necessary."

DLP falls into two broad categories. A full DLP deployment across an enterprise includes discovering and tagging sensitive data across the organization, monitoring activity on endpoints and portable storage devices, and filtering outbound information across a full range of vectors, email, Web mail, FTP and instant messaging, for example. Mid- to large-sized enterprises are most likely to be interested in phased deployments of these very complex products, starting with specific business units or limited goals, such as detecting credit card numbers.

A partial DLP implementation is generally restricted to email, using simple techniques such as regular expression (a way to do text string pattern searches and specify what action to take; Unix grep utility is an example) and keyword matching. The idea is applying the 80-20 rule, detecting most of the riskiest data, such as credit card numbers, where it is most likely to exit the enterprise.

Jaquith said about a third of enterprises have some form of a DLP product, and close to a majority will have at least a pilot started by the end of the year. He estimates the stand-alone market at $200-$250 million, including the partial/email deployments. Gartner pegs the market at around $300 million.

DLP is not just an enterprise tool. Smaller financial institutions, retailers complying with PCI and healthcare institutions are among DLP buyers. Some are purchasing email-specific "DLP light" capabilities, but others are purchasing DLP products from companies such as Code Green Networks Inc. and Palisades Data Systems, which are geared to smaller organizations without the complex data discovery and monitoring requirements of large organizations.

"Companies with 100 to 400 users are our sweet spot this year," said Sean Brockette, DLP manager for Dallas-based Ani Direct Network Security L.P., which sells Symantec Corp.'s Data Loss Prevention product (formerly Vontu Inc.). "Enterprise customers are waiting until the economy rebounds."

Brockette said Ani's DLP customers range from organizations with 15 users to those with as many as 5,200.

Full DLP deployments are slow to develop, in part, because the technology is still maturing, but mostly because of the complex people and process issues that need to be resolved, especially in larger organizations with numerous business units. Solution providers can anticipate growing opportunities as customers move from pilot programs and continued phased deployments throughout the enterprise.

"When you are talking about data, you are talking about things at layer 7 and above -- layer 11 being politics" said Jaquith. "Mucking around at the innards of business processes and pointing out things that shouldn't be moving around requires negotiation, communication and coordination."

Brockette said that this makes the vendors approach more complex as well.

"Companies have different units, each with a different idea of who owns the data and who is responsible for getting reports," he said.

The complexity of DLP, particularly for full deployments, generates service revenue opportunities he said, especially important in a weak economy where deep discounts in product sales are common in a highly competitive market. Gartner predicts that DLP will be 50% cheaper by 2011.

More on data protection Vulnerabilities, compliance drive data protection Security channel should consider full-disk encryption

That market has seen extensive consolidation: CA Inc. acquired Orchestria Corp. earlier this year; McAfee Inc. acquired Onigma Ltd. in 2006 and Reconnex Corp. in 2008; in 2007, Symantec bought Vontu, RSA Security Inc. (EMC) acquired Tablus Inc., Trend Micro Inc. purchased Provilla Inc., and Raytheon Co. bought Oakley Networks Inc.; Websense Inc. bought PortAuthority Technologies in 2006. Remaining independent vendors include Vericept Corp., Verdasys Inc., Code Green, Fidelis Security Systems Inc., Workshare Inc., Palisades Data Systems, and GTB Technologies Inc.

The acquisitions hold the key to widespread, full DLP deployments, said Nicolett. As vendors meld DLP into their existing products, enterprise-wide deployment won't require difficult endpoint installations and integration with existing systems.

"Ultimately, DLP capability does need to be almost everywhere," he said. "On gateways, on the endpoint, on the network, at the core."

Tags: Data breach and leak prevention,  Data breach and leak prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data breach and leak prevention Security channel can't ignore full-disk encryption products, services Vulnerabilities, regulatory compliance drive data protection market Sophos integrates encryption into endpoint, email security Maintaining your customers' security amid layoffs Making the case for 'live' incident response Mass. data protection law 201 CMR 17: How to get customers ready Data breach prevention techniques: Helping customers avoid data breaches PGP partners with Avnet to boost channel play Data protection services offer revenue for security solution providers SenSage tapped to participate in McAfee's Sales Teaming Program Data breach and leak prevention Getting to know the NERC CIP standards Data breach prevention techniques: Helping customers avoid data breaches Security solution providers find new opportunities amid bleak economy What are the best data leakage prevention strategies for my clients? Data security: Alternatives to data leak prevention Pair data leak prevention product sales with consulting services Data leak prevention: Finding data before it's lost Data leak prevention strategies for security service providers Government security breaches bring work to channel Cyber insurance supplements, not replaces, data breach security

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary