Data loss prevention, or DLP, has been around since the early aughts and has gone through the typical stages of a new technology -- from buzzword to fledgling product set to something solid enough to attract established vendors and VARs.
DLP products, for keeping sensitive information from escaping corporate networks, are now embedded in the security portfolios of such vendors as CA (now CA Technologies), McAfee, Sophos, Symantec and RSA. Websense Inc. offers DLP as part of its focus on Web and content security products, while NexTier Networks Inc. emerged from stealth mode in 2008 to focus on DLP. Many firms came to DLP through the acquisition route, with McAfee (Reconnex), Sophos (Utimaco), Symantec (Vontu) and RSA (Tablus) making moves in the 2007-2008 time frame.
Most signs point to a mainstream technology. But has DLP matured to the point where the technology has lost its profit edge for resellers and integrators? Software and service executives contend that's not the case. They still see plenty of room to wrap value-added services around a DLP deployment. And the arrival of DLP as a service creates an opening for managed services providers.
"There is still an opportunity," said Rohyt Belani, chief executive officer and co-founder of Intrepidus Group, a provider of information security consulting services.
Belani acknowledges that DLP technology has matured, but it still needs to be customized for different environments. DLP products may generate false positives, erroneously flagging material that is safe to leave the company. The technology needs tweaking "to make sure it is fine-tuned enough to not generate false positives to the point that actual data loss is hidden in the noise," Belani said.
Selling DLP requires specific implementation skills
DLP systems need "to be told what data is confidential/sensitive in light of the client's business and what should be blocked or alerted upon," Belani said. "The thresholds are critical to ensure that the DLP doesn't drop or alert on too much like an IDS/IPS [intrusion detection system/intrusion prevention system]."
Prem Iyer, practice director for information security at Iron Bow Technologies, a Chantilly, Va., solutions provider , agreed. "DLP is not a technology we sell to a customer and then walk away. We offer customization around policies that make sense for that individual customer environment."
Customers, Iyer said, may need help with initial configuration and periodic tuning over time. Iron Bow helps customers identify and classify data in categories and then establish policies that are appropriate for each type, he said. For example, should the DLP system monitor a certain type of data and alert system administrators if it leaves the premises or should it block the data outright? Those policies may need to be modified over time as business rules and objectives adjust, he added.
"The challenge is not simply with selection and implementation of DLP technology," said Rene Head, global theater engagement manager, managed security services, Unisys. "Knowing what data needs protection, where that data sits, how it's used and where it goes are all key elements of an effective DLP implementation."
DLP as a managed serviceManaged services can also play a role in the DLP engagement. A reseller or integrator can install a data loss prevention solution -- often a hardware/software appliance -- at the customer's location and offer managed services around it.
Head said a customer can purchase DLP technology through Unisys and then retain the company to provide managed DLP services: policies, updates, distribution and break/fix among others. Unisys sources DLP products through one of its vendor partners.
"A managed DLP service provides customers with both increased efficiency and effectiveness," Head said. "In particular, a managed DLP service provides consistency of controls and policies across a multitude of data-capable devices without the need for a large staff of experienced security specialists."
Some DLP vendors have developed products specifically designed for delivery as a managed service. Palisade Systems Inc. last fall rolled out PacketSure Managed DLP, which runs on a VMware virtual machine. The company also offers DLP as an appliance.
Christian Renaud, chief executive officer and president of Palisade Systems, said he believes the managed services version of PacketSure will eventually surpass traditional appliance sales.
LightEdge Solutions Inc., a hosted service provider in Des Moines, Iowa, is in the early stages of marketing PacketSure Managed DLP. Scott Riedel, director of marketing at LightEdge, said the company's main target customer has between 50 and 300 employees.
"I think that smaller companies are definitely going to prefer a hosted solution rather than an appliance for the obvious reasons of the initial capex costs --implementation and ongoing maintenance are much higher for the appliance," Riedel said. "Hosting just makes it easier to get started."
Riedel said LightEdge will host an education seminar/webinar in a few weeks, directing the effort toward banking/finance and healthcare customers. He said the company sees customers in those markets as the early adopters.
DLP training ahead
Channel partners looking to enter the DLP market will find the endeavor more complicated than reselling a firewall, industry executives noted. In addition, customers over the years have acquired more smarts when it comes to DLP solutions.
Tarique Mustafa, chief executive officer of NexTier Networks said resellers have a harder time making the DLP sale to increasingly savvy customers.
"Customers ... are much better educated than they were earlier," said Mustafa. "That is why the channel has problems. They do not deploy or allocate the kind of resources which will be needed to master the solutions that they are actually trying to sell."
Resellers must fund training so sales engineers can reach "the new required level of sophistication" and "answer the intelligent questions the IT guys are asking," he said.
At NexTier, training is a mandatory part of a channel partnership, Mustafa said. The company offers DLP training to value-added distributors and resellers.
Symantec Corp. offers both online and instructor-led training DLP training for its channel allies. Jennifer Ellard, senior product marketing manager for Symantec DLP, said the training emphasizes selling to the appropriate person in the organization.
"DLP is sold to the CISO," she explained referring to a company's chief information security officer. That's a higher level sale than other security products.
With its DLP training, Symantec spends a lot of time making sure partners can speak to the right person and understand that person's concerns, according to Ellard.
Resellers and service providers should prepare themselves to learn as they go in the DLP space. Head cited the continuous advancement of technologies for boosting organizational productivity and the continuous efforts of criminals to develop more sophisticated exploits that will propel the further development of DLP.
"With these two forces in mind, any current security technology, like DLP, will be obsolete and useless very soon, regardless of how mature it appears now," Head said. "DLP will continue to evolve to fill the gaps created by the interaction of humans and technology and eventually will be included in suites and 'security platforms' that become mainstream for organizations."