Readers' top picks for DLP products

The companies and DLP products that organizations consider, when they seek to address compliance and data security requirements across multiple platforms and environments.

This article can also be found in the Premium Editorial Download: Information Security magazine: Security attack? 2016 defenses focus on damage control:

Editor’s note: When this article originally appeared, it announced a shortlist of five “top picks.” Since then, we learned that the data set we had used was only partially collected. To encourage participation in the survey, respondents were asked to select from a list of vendors that failed to adequately represent enterprise DLP technology providers. As a result, we believe there was a larger margin of error in our vendor preference data set than we would ordinarily find acceptable. We have therefore altered the article to remove the original list of “top picks.” This article is as originally presented, except for small alterations made to maintain continuity. 

The highly publicized data breaches of recent years have focused greater attention on data loss protection and the ramifications of compromised networks. Our reader survey in October underscored the demand for data loss protection and the complexity of the vendor and tools landscape as mobile, cloud and the Internet of things take hold.

Out of 4,635 readers surveyed last fall, 25% told us they planned to invest in data loss prevention (DLP) products in the next 12 months. While there is greater deployment of encryption technologies (64%), among those surveyed, DLP products (41%) and database security tools (42%) were in a dead heat, followed by mobile and BYOD data protection (28%).

Gartner defines DLP products as a set of tools used to find, identify and classify data using content inspection and contextual analysis. Whether the data is at rest, in use or in motion, these tools enable organizations to apply one or more policies for regulatory compliance (PCI, HIPAA, PII, state or national law), endpoint protection on fixed and mobile devices, and intellectual property protection. Longstanding DLP products, from data discovery and classification to network and endpoint DLP, are becoming more robust as vendors attempt to keep ahead of fast-moving changes.

Our survey indicated as much: 70% of respondents said they are more likely to deploy DLP products if they are offered as a suite of interconnected tools, while 30% favored specific point systems such as an email DLP product. Endpoint monitoring and monitoring traffic on networks and a central console were the highest feature priorities among readers, followed by content discovery, email integration and policy-based management.

Interconnection will be a watchword in this product category moving forward. Johna Till Johnson, CEO of Nemertes Research, expects to see more integration between security information event management, DLP monitoring and user behavior analytics, tools that profile and track users rather than systems. The human factor and data security awareness remains a key challenge for security programs.

What types of data are organizations most concerned with protecting? Three-quarters (74%) of respondents said personally identifiable information, such as customer credit card numbers and healthcare information, was viewed as "particularly critical" data, alongside corporate financial data (62%) and intellectual property (58%). Less than a third (28%) of those surveyed said they needed to protect data that is stored in a public cloud.

Deborah Kish, Gartner principal research analyst, noted during an October presentation on DLP trends that as more companies move toward digital business models, having mechanisms in place for data discovery and data classification is important to lower risk. Managed DLP (discovery and classification likely first) will become more widely available, as organizations seek to outsource data loss protection.

She may be right. One-third (34%) of the readers surveyed are currently evaluating cloud-based or managed security service providers for their DLP initiatives. Many businesses lack the skill sets and dedicated resources to effectively manage data privacy and risk, especially in complex mobile and cloud security environments.

In addition to cloud support, DLP products in the next five years are likely to offer software-defined networking and virtualization functions, DLP remediation during the DLP cycle and sandboxing for behavioral analysis, among other features.

As many companies are finding out, DLP in the cloud offers some challenges, however. "The bottom line is that regardless of whether or not your data is hosted by a third party, you're still responsible as an organization for that data," says Kish.

When it comes to data discovery and classification, security professionals need to find DLP tools that meet their use cases and then map the organization to a framework. According to the survey respondents, "meeting compliance and audit requirements" (69%) ranked highest on their lists, followed by "attempting to avoid future data breach" (53%) and "protection of intellectual property" (46%). (See Corporate Watchdog: Looking for Sensitive Information.)

Corporate Watchdog:  Looking for Sensitive Information

"Many organizations buy DLP solutions because they have to or because they have regulatory compliance they need to adhere to," says Kish.

"A lot end up actually turning it off because it creates more headaches with audits and events that have security teams chasing their tails," she says. "Instead, treat it as a process, one that the entire leadership team works on during the entire life cycle of data." And stop throwing boxes at it.

Kathleen Richards is the features editor of Information Security magazine. Follow her on Twitter @RichardsKath.

Next Steps

What's the difference between data loss prevention and DLP-lite

Questions to ask enterprise DLP providers

More on the learning curve for DLP

This was last published in February 2016

Dig Deeper on Data Loss Prevention

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Have you deployed some form of data loss protection? What tips would you share with others who are evaluating those technologies?
Cancel
Solid review of the DLP market and trends. I would add a few additional insights worth considering that newer Adaptive DLP solutions have brought to the market:

Data redaction technology, as an alternative or supplement to the traditional ‘stop and block’ approach, has significantly reduced the “headaches” mentioned in the article that has caused organizations to turn their DLP off. By removing only the sensitive information that breaks policy and allowing the rest of information to helps ensure security teams are not chasing their tails. 

Level of deep content inspection -  If you can’t discover or detect the data leaving then what’s the point? When reviewing DLP solutions it is critical evaluate how deep the inspection level actually is and if there are any limitations due to zip/encryption, file size, analysis timing delays, virtual environment evasion techniques or multiple embedded document layers.

Document sanitization is becoming more popular as organizations look to complete remove hidden metadata, comments, revision history, etc. to avoid embarrassing leaks of private conversations and information that can be harvested for an attack. In addition to email, this becomes ever more important when publishing documents to websites and sharing in often overlooked cloud storage and collaboration tools (i.e. Dropbox, Box, OneDrive, etc.).

Bi-directional structural sanitization – Detect and prevent the loss of active content often missed such as algorithms in spreadsheets, while removing embedded malware and ransomware triggers that are now bypassing AV and Sandboxes

Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close