The market for data leak prevention tools led to numerous acquisitions in 2008. As the spending spree slows and the hype around DLP dies down, more comprehensive approaches are emerging on the market, and customers' needs and expectations are evolving.
2007 was a dramatic year for the data
leak and data loss prevention market.
Security vendors racked up
acquisition after acquisition, while corporations decided how best to
deal with the fear that their intellectual property could spill out into
the wrong hands.
In the past year, however, the hype surrounding DLP
has died down a bit. Still, the role of technology in any enterprise
data protection strategy
has not diminished; instead, a more complete
vision of what DLP should be has emerged.
Meridian Health, based in Neptune, N.J.,
was one of the early adopters of DLP
products. The health care network bought into the technology in the second half
of 2006, before the marketing hype began in earnest. The idea was to get ahead
of the data protection requirements of HIPAA (the Health Insurance Portability
and Accountability Act), as well as New Jersey's
Identity Theft Prevention Act.
The experiment has worked well for Meridian,
which started with technology from Tablus prior to that vendor's acquisition by
EMC. Still, there were hurdles to jump.
"What we did when we first got the product is what most people do, you
turn on every lexicon just to see what you got, and that was a mistake,"
said Catherine Gorman-Klug, corporate director of privacy and data security at
What happened, Gorman-Klug explained, was that the technology began
generating false positives by inappropriately flagging keywords in everyday messages.
Cutting down on false positives meant fine-tuning the policies
and aligning them with the day-to-day needs of the staff.
DLP: The "Morning
Zoo" of the security world
Meridian's story is not unique
or product-specific. The challenges of properly utilizing DLP
blocking capabilities intimidated some enterprises into not using that part of
the technology at all. But that is changing.
Nick Selby, an analyst with The 451 Group, said he attended a workshop with
security executives in Chicago in
October and found many of them were using products' blocking features. This
will happen more and more, Selby said, as the technology commoditizes and users
become more familiar with what they want to block.
The cloud of marketing hype hovering over DLP
in the early days made it difficult to come up with a solid definition of what
it was. Some vendors spoke about e-mail encryption; others about content
monitoring and filtering; still others about things like USB
"The anti-data-leakage space in 2007 was the 'Morning Zoo' of the
security world: incessant yakking, and the same nine songs over and over,"
quipped Selby. "Since July, 2007, there has been $1.4 billion in
acquisitions, and several deaths-by-whimper. Those remaining players are either
strong or dying soon."
The difficulties enterprises found in utilizing the blocking technology
underscored the importance to organizations of understanding what data they
have and how they use it. This in turn increased the relevance of data
discovery as a part of DLP. Over the
past 18 months, the focus of the market has also shifted from just the network
to including endpoints.