Top trends in the data-leak protection market
DLP tools gain advanced features, integration with security productsBy Cara Garretson
Data-leak protection is a young segment of the security market that is growing up fast. With the rapid consolidation of the security market that has occurred over the last year, as large security vendors snapped up start-ups, and with many DLP products maturing, what was once a collection of scrappy point products is becoming a set of enterprise-grade tools.
Called by many names, including outbound content management and data-loss or data-leakage protection, these tools help companies identify and protect sensitive information. Gartner Research estimates the total content filtering and DLP market hit about $50 million in 2006 and tripled to $150 million in 2007. Meanwhile, IDC predicts the 2007 market to be even higher. It says the market reached $194 million in 2007 and will rise to $434.6 million in 2009, representing a nearly 50% compound annual growth rate. The bottom line is that investing in DLP is becoming a corporate necessity.
The following are some key trends in this market:
- The buying spree is winding down. From late 2006 through all of 2007, larger security companies spent at least $1.6 billion acquiring DLP start-ups. And that figure only includes the deals with values that were made public. Giants including Cisco,
Symantec, Trend Micro, McAfee and EMC/RSA picked through the couple dozen start-ups in this market and ponied up the necessary cash, culminating with Symantec's $350 million bid for Vontu in November.
- Integration has begun. Now that so many security vendors can boast about the addition of data-loss protection features to their product portfolios, they are creating road maps detailing how these acquired products will better integrate with their existing platforms. That's how it should be, says Nick Selby, senior analyst and director of The 451 Group's enterprise security practice, who believes this function is best suited to be part of a larger security plan instead of remaining as stand-alone point products.
- DLP products are becoming more useful. One reason bigger security vendors have been so interested in DLP start-ups is that the tools have matured. They no longer simply watch sensitive data fly out the door; they help companies pinpoint where it's stored. "The story has been moving from just information-in-motion protection to information at rest and discovery; that may be a reason why acquisitions lit up so quickly," says Trent Henry, vice president and research director with Burton Group. "Many solutions were inline devices on the network that said 'something sensitive has left the network.' Now with e-discovery requirements and [the payment card industry's specifications for protecting data], you don't want to just know where the information is going, but also where it is stored."
- User participation is becoming more important and easier to do. DLP products only work as well as the policies that guide these products. To discover what information should and should not be shared, IT must rely on input and participation from business-unit managers and other non-technical employees. These tools are becoming more savvy to that fact. Many now include set-up components that don't require a technical background to understand. At the same time, the tools are also becoming more flexible with the user. For example, when a user attempts to send out data without authorization, some tools will send up an alert but also give the user an opportunity to explain his actions. This feature helps create policies that more effectively describe how work is accomplished in an organization.