IDC: DLP Adoption to Continue as Businesses Fear Insider Threat
New research suggests the market for data loss prevention products has some bright days ahead.
In a survey sponsored by Dimension Data and performed by analyst firm IDC, 57 percent of the 400 organizations that participated in the study plan to invest in data loss prevention (DLP) during the next 12 months. The survey can be taken as validation for DLP, a market that saw a spate of acquisitions during the past few years.
The buying spree has slowed, but continued this year with CA's acquisition of Orchestria and the recent purchase of Vericept by Trustwave. There are still a few DLP vendors left that haven't been acquired, like Code Green Networks and Verdasys. However, the consolidation in the market has led some to believe that DLP may become a feature rather than a stand-alone product.
For companies thinking about DLP, the first step is to decide what they want to protect. For businesses in the survey, the main concern seems to be insider threats. Almost half (45 percent) believed data leakage was more likely to occur due to employee error than external hackers with malicious intent (15 percent). In fact, 85 percent declared data loss via external hacking to be "very unlikely."
"The challenge when protecting an organization from internal data loss is that traditional defenses are designed to face outward, at the perimeter of a network, whereas the inside of the network remains relatively free of security controls," said Neil Campbell, global general manager of Security Solutions for Dimension Data, in a statement. "Compounding the problem, security awareness training initiatives for employees often go unfunded because organizations find it difficult to demonstrate a return on investment for such training.
"To tackle these challenges, companies are moving toward DLP as it involves a holistic approach to the protection of information, rather than simply the protection of networks and systems," he said. "It creates automated, technical barriers to both human error and malicious intent."