The pressure to avoid costly, embarrassing security breaches and comply with government and industry regulations is forcing more businesses and organizations to consider ways to keep the data in -- not just keep the bad guys out.
Data-leak prevention systems are designed to keep sensitive information -- such as Social Security numbers, credit card information and intellectual property -- from falling into the wrong hands by preventing data that matches set descriptions from leaving secure systems. The most popular technologies are content monitoring and digital rights management, also known as enterprise rights management.
Gartner Research estimated the content filtering and data-leak prevention market's value at $50 million in 2006 and has predicted that it will reach between $120 million and $150 million this year.
One of the major drivers of that growth is the need by retailers, healthcare companies and others to address data security regulations such as the Payment Card Industry Data Security Standard, the U.S. Health Insurance Portability and Accountability Act and others, according to Gartner's most recent report on vendor positions and market growth in data-loss prevention.
"Data leaking is really nothing new," said Kenneth Tom, senior product marketing manager for McAfee. "It's just a lot more public, and for companies it can be a lot more painful."
Although most vendors are currently selling their data-leak prevention products directly to customers, there are opportunities for the channel to customize the technology for specific verticals and integrate it with other security products, experts said.
"None of these things are put-a-box-in-place-and-let-it-run," said Michael Rothman, president of Security Incite in Atlanta, Ga.
Content monitoring works by scanning network activity to make sure sensitive information is not compromised -- if, for example, an employee sends documents to a personal email address so he or she can work from home. Some products can even teach themselves what is and is not sensitive information, much like antispam software does with junk email.
"Content monitoring can catch that communication to the Internet in real time, so you can be much more proactive in protecting intellectual property," said Tom Bowers, president of Philadelphia InfraGard.
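The content-monitoring check described above, as an added example (not code from the article or from any vendor's product): it scans an outbound message for Social Security numbers and Luhn-valid card numbers and blocks it when the recipient is outside the organization. The domain list, patterns, policy and sample message are assumptions constructed for illustration.

```python
import re

# Hypothetical policy values (assumptions, not taken from any product).
INTERNAL_DOMAINS = {"corp.example"}
# SSN shape, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    """Return (kind, value) pairs for every match of the set descriptions."""
    hits = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", digits))
    return hits

def mask(value):
    """Keep only the last four characters so alerts do not leak the data again."""
    return "*" * (len(value) - 4) + value[-4:]

def evaluate(recipient, body):
    """Decide allow / alert / block for one outbound message."""
    hits = find_sensitive(body)
    external = recipient.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS
    if not hits:
        action = "allow"
    elif external:
        action = "block"        # sensitive data leaving the organization
    else:
        action = "alert"        # internal transfer: notify an administrator
    return action, [(kind, mask(value)) for kind, value in hits]

# Constructed sample: an employee mailing records to a personal address.
SAMPLE = "Working from home tonight. Customer SSN 078-05-1120, card 4111 1111 1111 1111."

if __name__ == "__main__":
    print(evaluate("jdoe@webmail.example", SAMPLE))
```

The Luhn step is what keeps order references and other long digit runs from triggering a block; real deployments layer further context checks on top of it.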
With digital rights management, an administrator can define a file's metadata to control who can access it and for how long, who they can send it to and whether they can save it or print it.
"It's very, very specific," Bowers said.
The protection of intellectual property such as product designs and marketing plans will eventually be the main selling point for data-leak prevention, but for now, vendors and resellers are "getting most of their business from customers' confidential data concerns," said Trent Henry, a senior analyst for the Midvale, Utah-based Burton Group.
The technology is also spurred by the increasing number of potential leakage points, Bowers said. The list includes stolen laptops, smartphones, PDAs, MP3 players, camera phones, USB devices and Web portals that leave "forensic tracks" in temporary folders, he said.
Intensifying that concern -- as well as adding another threat all by themselves -- is the increasing number of gadget-carrying contractors, business partners and other guest users who need access to corporate networks. Products like McAfee's DLP Gateway, released last week, are able to stop leaks through those users by monitoring all network traffic, regardless of whether or not their machines are equipped with other data-leak prevention software, Tom said.
DLP Gateway works with McAfee's DLP Host, an endpoint content monitoring product, to stop leaks via email, instant messaging, peer-to-peer networks and other programs. Most of McAfee's customers are larger companies, which are interested because they have more to lose than smaller companies, and have the financial resources to embrace data-leak protection, Tom said.
McAfee's channel partners can work with clients to develop policies for protecting sensitive information and implement them through DLP Host and DLP Gateway.
"That's one of the most exciting parts of data-leak prevention -- that it offers our partners a lot of opportunities, especially in service," Tom said.
Many clients don't even know how to identify their sensitive information, be it customer records or company secrets, so that is another area where channel partners can add value, according to Saurabh Bhatnagar, senior product and alliances manager for Websense, identified in the Gartner report as one of the leading data-leak prevention vendors.
"A starting point for them is to find out what sensitive information exists in their environment and where to find it," he said.
Websense's Content Protection Suite, issued after the vendor's acquisition of Port Authority, monitors network traffic and can automatically block potential breaches or alert administrators.
At this stage of the technology, there are also some obstacles for the channel. The equipment can be expensive, some clients don't completely understand how it works, and vendors are selling their products direct.
"It's an early market," Rothman said. "Early markets tend to have manufacturers going direct to the customers while they work out deployment. Over the long term, it tends to be more channel-friendly."
Although channel partners will have to spend a lot of time explaining the technology to clients, the time is worth it because it presents a "pretty significant services opportunity," Rothman said.
Another channel opportunity is to integrate different data-leak protection products with each other and with other security functions, Bowers said. For example, content monitoring software that detects sensitive information can quarantine it on an antispam device or encrypt it with digital rights management before allowing it to be sent.
Websense's Content Management Suite also lends itself to integration with mail servers, IM and Web proxies and mail encryption gateways, Bhatnagar said.
Henry agreed with that strategy, calling that a "natural synergy," but he said, "we haven't really seen that happening yet."
The channel could also tailor data-leak prevention products to meet the unique confidentiality needs of the healthcare industry and protect the intellectual property of pharmaceutical companies, Henry said. Vendors would be more willing to go through the channel because they have little expertise in those two verticals, he said.