With Wikileaks’ recent “bombshells” still in the news, you’d think that DLP vendors – “data loss prevention” if you’ve slept for a while and didn’t catch the acronym – would be riding high.
However, according to Bob Hansmann of Blue Coat systems, theirs is still an industry overwhelmingly driven by regulation. In essence: if a regulator requires an industry to buy into DLP, it does; if not, it doesn’t.
This has led to a strange market dynamic, he said: customers buy a solution solely as a response to a regulatory requirement – and only later do they find themselves with a system becoming a budget burden.
Since the inception of the DLP market, Hansmann said, the systems that need to be protected have become more perse and more complex – and this has led to a dichotomy in the market.
At one end, he claims, vendors have tried to deliver point solutions to prevent data loss in specific environments (e-mail, Web browsing, databases, at the file system level and so on). For customers, this raises the spectre of system proliferation – but the solution, a system capable of manage outbound traffic for all systems, quickly becomes too excessively large and complex.
The result is low satisfaction, Hansmann claimed – the circumstance which led Blue Coat to enter the market.
“DLP systems are slow, skills-demanding, expensive, and costly to maintain – we have partnered with major DLP vendors for many years, but our customers haven’t been happy with the solutions available,” he said.
Yet the requirement remains – and events such as the Wikileaks story create an interest in DLP that might reach beyond mere regulatory compliance. He believes, however, that such responses differ greatly between countries.
“In America, everybody wants to be told what they need to do – and if they’re not told, they won’t do it.
“Australia is a more self-motivated country,” he said.
“However, it’s not just country regulation, it’s also industry regulation – for example, any bank that works with banks in other countries has to comply with their regulations as well as their own.”
Blue Coat’s launch into the DLP space takes the form of appliances designed to work in conjunction with its ProxySG gateway optimisation product. In this architecture, enforcement is handled by the gateway – the DLP appliance is designed to carry out traffic inspection and fingerprinting. In a medim-sized enterprise, however, the DLP system can monitor the gateway without needing the proxy.
There are three profiles of the appliance supporting, respectively, maximum user counts of 250, 5,000 or 25,000 (the number of users supported by a deployed system depends on the user licenses purchased).
The appliances are designed to examine and fingerprint Web, e-mail and general network traffic, balancing a usable number of “pre-canned” policies with sufficient flexibility that the system can be customized to the target environment.
Fingerprinting the traffic is they most important task, Hansmann said. “Even a small company may have many thousands of records in a database, and you want that fingerprinted so that only the appropriate people see it.”
Web applications, and particularly collaborative applications, can pose greater challenges than mundane but large databases. “Collaborative systems are a particular and common problem, because people leave things lying around.”