Data leakage prevention (DLP), driven by security and compliance, is drawing a lot of attention and generating sales. Solution providers can look forward to growing interest in gradual enterprise rollouts of these complex products, as well as simpler email-specific DLP products. SMB DLP products are also gaining traction for smaller organizations with relatively straightforward data-monitoring requirements.
Enterprise DLP products (also referred to as data loss prevention) can be deployed throughout an organization to discover and classify sensitive data, monitor for unauthorized outbound egress and take appropriate action to prevent data leaks. That could mean notifying a user that he or she is violating policy, encrypting an email message containing sensitive data or even blocking a transmission altogether.
Cambridge, Mass.-based Forrester Research Inc. predicts record sales in 2009. Companies have started pilot programs that often focus on the most urgent use cases, such as detecting and stopping outbound transmissions that contain unencrypted credit card numbers.
"DLP is pretty well set up to go after structured data," said Forrester senior analyst Andrew Jaquith. He said the DLP market's "sweet spot" revolves around protecting sensitive customer data.
However, Jaquith said most deployments are limited, and enterprise-wide rollouts are still rare.
"Any attempt by a company to run a 'DLP everywhere' type of project results in death by 1,000 cuts," said Mark Nicolett, Stamford, Conn.-based Gartner Inc. vice president and distinguished analyst. "Because when broad-scale monitoring is turned on everywhere, the organization running the project quickly becomes overwhelmed chasing down hundreds of individual situations, trying to understand if the data movement was necessary."
DLP falls into two broad categories. A full DLP deployment across an enterprise includes discovering and tagging sensitive data across the organization, monitoring activity on endpoints and portable storage devices, and filtering outbound information across a full range of vectors, such as email, Web mail, FTP and instant messaging. Mid- to large-sized enterprises are most likely to be interested in phased deployments of these very complex products, starting with specific business units or limited goals, such as detecting credit card numbers.
A partial DLP implementation is generally restricted to email, using simple techniques such as regular expressions (a way to do text string pattern searches and specify what action to take; the Unix grep utility is an example) and keyword matching. The idea is to apply the 80-20 rule: detect most of the riskiest data, such as credit card numbers, where it is most likely to exit the enterprise.
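A minimal sketch of the email-only approach described above, added here as an illustration and not taken from any product named in this article: a regular expression finds candidate card numbers, a keyword pattern supplies context, and a Luhn checksum (a step beyond the regex and keyword matching the article names) discards digit runs that cannot be card numbers. The function names, the sample messages and the mapping of findings to "notify" or "block" are assumptions made for the example.

```python
import re

# Candidate card number: 13-16 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")
# Keywords that suggest the digits really are payment data.
KEYWORDS = re.compile(
    r"\b(?:visa|mastercard|amex|card\s*(?:number|no)|cvv|expir\w*)\b", re.I)

def luhn_ok(digits):
    """Luhn checksum: filters order numbers, phone lists and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_message(body):
    """Return one finding per Luhn-valid candidate, masked to the last 4 digits."""
    has_keyword = bool(KEYWORDS.search(body))
    findings = []
    for match in CANDIDATE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            findings.append({
                "masked": "*" * (len(digits) - 4) + digits[-4:],
                "keyword_context": has_keyword,
            })
    return findings

def decide(body):
    """Assumed policy: block with keyword context, otherwise notify the sender."""
    findings = scan_message(body)
    if not findings:
        return "allow"
    return "block" if any(f["keyword_context"] for f in findings) else "notify"

# Constructed sample messages; 4111 1111 1111 1111 is a common test number.
SAMPLES = [
    "Please charge my Visa, card number 4111 1111 1111 1111, expiry 09/11.",
    "Your order 1234567890123456 has shipped.",
    "Ref 4111-1111-1111-1111",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(decide(msg), scan_message(msg))
```

The second sample is the kind of match that a regex alone would flag and an analyst would then have to chase down; the checksum drops it before it becomes an alert.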
Jaquith said about a third of enterprises have some form of a DLP product, and close to a majority will have at least a pilot started by the end of the year. He estimates the stand-alone market at $200-$250 million, including the partial/email deployments. Gartner pegs the market at around $300 million.
SMBs embrace DLP
DLP is not just an enterprise tool. Smaller financial institutions, retailers complying with PCI and healthcare institutions are among DLP buyers. Some are purchasing email-specific "DLP light" capabilities, but others are purchasing DLP products from companies such as Code Green Networks Inc. and Palisades Data Systems, which are geared to smaller organizations without the complex data discovery and monitoring requirements of large organizations.
"Companies with 100 to 400 users are our sweet spot this year," said Sean Brockette, DLP manager for Dallas-based Ani Direct Network Security L.P., which sells Symantec Corp.'s Data Loss Prevention product (formerly Vontu Inc.). "Enterprise customers are waiting until the economy rebounds."
Brockette said Ani's DLP customers range from organizations with 15 users to those with as many as 5,200.
Full DLP deployments are slow to develop, in part because the technology is still maturing, but mostly because of the complex people and process issues that need to be resolved, especially in larger organizations with numerous business units. Solution providers can anticipate growing opportunities as customers move beyond pilot programs and continue phased deployments throughout the enterprise.
"When you are talking about data, you are talking about things at layer 7 and above -- layer 11 being politics," said Jaquith. "Mucking around at the innards of business processes and pointing out things that shouldn't be moving around requires negotiation, communication and coordination."
Brockette said that this makes the vendor's approach more complex as well.
"Companies have different units, each with a different idea of who owns the data and who is responsible for getting reports," he said.
The complexity of DLP, particularly for full deployments, generates service revenue opportunities, he said, which is especially important in a weak economy where deep discounts in product sales are common in a highly competitive market. Gartner predicts that DLP will be 50% cheaper by 2011.
That market has seen extensive consolidation: CA Inc. acquired Orchestria Corp. earlier this year; McAfee Inc. acquired Onigma Ltd. in 2006 and Reconnex Corp. in 2008; in 2007, Symantec bought Vontu, RSA Security Inc. (EMC) acquired Tablus Inc., Trend Micro Inc. purchased Provilla Inc., and Raytheon Co. bought Oakley Networks Inc.; Websense Inc. bought PortAuthority Technologies in 2006. Remaining independent vendors include Vericept Corp., Verdasys Inc., Code Green, Fidelis Security Systems Inc., Workshare Inc., Palisades Data Systems, and GTB Technologies Inc.
The acquisitions hold the key to widespread, full DLP deployments, said Nicolett. As vendors meld DLP into their existing products, enterprise-wide deployment won't require difficult endpoint installations and integration with existing systems.
"Ultimately, DLP capability does need to be almost everywhere," he said. "On gateways, on the endpoint, on the network, at the core."