Data Loss Prevention Market Showing Maturity - Defining the Market (
Page 2 of 4 )
Defining the Market
One of the most paramount challenges may very well
be defining DLP to the buyers at large. Mogul claims that the DLP field is one
of the most confusing among all types of security products for buyers to figure
out. Part of that is attributed to the category’s name, which has at once been
described as data loss prevention, data leak protection, information loss
prevention, extrusion prevention and content monitoring and filtering. The DLP
moniker that most analysts settled on a few years ago has been co-opted by vendors
who sell in this space still leaves much to be desired because it can easily be
used by any solution with any modicum of properties that protect data.
“What we are seeing now is that everyone is
calling their solution DLP or extrusion prevention—everything from encryption
to the actual real DLP solution and I think that’s going to create enough confusion
that its going to be one of the limiting factors in the market,” Mogull said. “It’s clearly solving the
problem in a different way and I think lumping it all together doesn't help
anybody.”
Many pure-play DLP players have expressed
frustration over this confusion, even if it is a bit of a compliment to their
marketing departments.
“I think
there is confusion in some cases because everybody and their brother claims
that they’ve got some sort of
DLP
capabilities,” said John Peters,
CEO of
the
DLP
company Reconnex. “It’s a hot buzzword so you want to attach it to your product
and that’s where some of the confusion comes in. You know, if I’ve got an email
product and it can do a keyword look up, is that
DLP? If I’ve got an intrusion detection system and
I can look for credit card numbers is that a
DLP?”
According to Mogul, in order to be considered true
DLP a
product must be based on central policies that identify, monitor and protect
data at rest, in motion and in use through deep content analysis. Peters
believes that it is the action of analysis across those three channels,
scanning stored data through content discovery, protecting data in use on the
endpoint and protecting data in motion across the network, that really
differentiates
DLP
products from the wannabes. Once the category is whittled down to those set of
qualities, the field becomes much more manageable to wade through, he says.
“You need a solution in all three of those domains
with a central management system that covers them and there’s only a few of us
that offer that full set of capabilities,” Peters said. “What we find in the
marketplace is that we're almost always competing at the end of the day with
the same one or two vendors in the final bake off.”
Steve Roop of Vontu echoed Peters’ definition of a
DLP, emphasizing that the benefit comes by way of its unity in policy
enforcement, something that cobbling products together cannot offer.
“You don't have to different policies or rules—one for network,
one for storage and one for endpoint,” said Roop, who is vice president of
marketing and products for Symantec’s Vontu division. “For all three of those
threats being able to have a single incident response console where you can
remediate all of those threats is what buyers want.”
This is
key if a user, say, copies sensitive data to a
USB device and then maybe ten minutes
later mails off 70 files off of her laptop to her Web mail ten minutes later,
and then ten minutes after that she burns several Gigs of data onto a CD-ROM.
“When you
see all these things together in incident response you get a full picture of the
types of data loss threats and whether or not you've got and innocent employee
doing careless things or a malicious employee that you need to investigate,” Roop
said. “When you see those incidents happen together you get the full picture,
something some of our customers like to call a ‘single pane of glass’ looking
into their data activity.”
