Data Leak Prevention, DLP Security Vendors Grow Up

True DLP

Code Green Networks is one of the few remaining pure-play DLP vendors. Rod Murchison, Code Green Network's vice president of marketing and strategic alliances, said he agreed the acronym "DLP" was initially overused, but said customers have gotten a clearer vision of what they want.

"What has shaken out in the industry is this focus on true DLP, and that is when we are taking source data out of the database, fingerprinting it and exactly matching it through some very robust policy frameworks to say, 'Hey, that record of data that we just found … came out of this database, which is part of your credit union member database, and there's no way ever that should go out from this company," Murchison said.

Glen Kosaka, director of marketing for Trend Micro's data leak prevention business unit, said customer understanding of insider threats has deepened, and many now want to step beyond network DLP and focus on the endpoint. He added that large enterprises want flexible, customizable tools supported by deployment services. Midsize companies, however, tend to be looking for out-of-the-box policies that require only a moderate level of tuning, he said.

Companies thinking about DLP can begin by understanding what data they want to protect and specifically how they want to protect it.

In a paper on how to select a DLP tool, (PDF) Securosis analyst Rich Mogull suggested several key areas for businesses to focus on when doing internal testing, including e-mail integration, directory integration, enforcement actions, policy creation and content analysis, network gateway integration, and storage integration.

"Have a clear understanding of which business units will be involved and how you plan to deal with violations before you begin the selection process," Mogull advised in the paper. "After deployment is a bad time to realize that the wrong people see policy violations, or your new purchase isn't capable of protecting the sensitive data of a business unit not included in the selection process."

For all the talk about DLP, it remains an early-adopter market, with 10 percent penetration around the world, according to Steve Roop, Symantec's senior director of marketing for DLP solutions.

"DLP answers three very important questions for organizations," Roop said. "Where is your sensitive data stored, how is it being used [and] how can you prevent a data loss event? Until organizations can answer these questions with confidence, DLP solutions should stay focused on helping them answer these concerns."