Data Leak Prevention, DLP Security Vendors Grow Up

The market for data leak prevention tools led to numerous acquisitions in 2008. As the spending spree slows and the hype around DLP dies down, more comprehensive approaches are emerging on the market, and customers' needs and expectations are evolving.

2007 was a dramatic year for the data leak and data loss prevention market. Security vendors racked up acquisition after acquisition, while corporations decided how best to deal with the fear that their intellectual property could spill out into the wrong hands.

In the past year, however, the hype surrounding DLP has died down a bit. Still, the role of technology in any enterprise data protection strategy has not diminished; instead, a more complete vision of what DLP should be has emerged.

Meridian Health, based in Neptune, N.J., was one of the early adopters of DLP products. The health care network bought into the technology in the second half of 2006, before the marketing hype began in earnest. The idea was to get ahead of the data protection requirements of HIPAA (the Health Insurance Portability and Accountability Act), as well as New Jersey's Identity Theft Prevention Act.

The experiment has worked well for Meridian, which started with technology from Tablus prior to that vendor's acquisition by EMC. Still, there were hurdles to jump.

"What we did when we first got the product is what most people do, you turn on every lexicon just to see what you got, and that was a mistake," said Catherine Gorman-Klug, corporate director of privacy and data security at Meridian Health.

What happened, Gorman-Klug explained, was that the technology began generating false positives by inappropriately flagging keywords in everyday messages. Cutting down on false positives meant fine-tuning the policies and aligning them with the day-to-day needs of the staff.

DLP: The "Morning Zoo" of the security world

Meridian's story is not unique or product-specific. The challenges of properly utilizing DLP blocking capabilities intimidated some enterprises into not using that part of the technology at all. But that is changing.

Nick Selby, an analyst with The 451 Group, said he attended a workshop with security executives in Chicago in October and found many of them were using products' blocking features. This will happen more and more, Selby said, as the technology commoditizes and users become more familiar with what they want to block.

The cloud of marketing hype hovering over DLP in the early days made it difficult to come up with a solid definition of what it was. Some vendors spoke about e-mail encryption; others about content monitoring and filtering; still others about things like USB port control.

"The anti-data-leakage space in 2007 was the 'Morning Zoo' of the security world: incessant yakking, and the same nine songs over and over," quipped Selby. "Since July, 2007, there has been $1.4 billion in acquisitions, and several deaths-by-whimper. Those remaining players are either strong or dying soon."

The difficulties enterprises found in utilizing the blocking technology underscored the importance to organizations of understanding what data they have and how they use it. This in turn increased the relevance of data discovery as a part of DLP. Over the past 18 months, the focus of the market has also shifted from just the network to including endpoints.