There are many ways to leak information, but it's easy to blame the network administrator when sensitive data makes its way off the LAN and across the gateway.
To the rescue comes an emerging real-time content-monitoring technology that sits inside the network to help prevent a company's intellectual property from falling into the wrong hands. The vendors behind it (often referred to as the V companies) are gearing up for prime time, meaning that they are trying to reshape their technology and distribution models to appeal to broader markets, with the promise of simplifying network configuration requirements and keeping organizations' private data private.
Network administrators don't need to look far for examples of devastating security breaches caused by sensitive data slipping through the cracks of an organization, via email, Web mail, IM, and file transfers. Laptops containing personal patient identification have been stolen, and employees -- usually inadvertently -- have emailed details of the company's next product release to the wrong person.
Whether the outgoing data is confidential business data, personal information about customers or employees, or intellectual property, the problem is growing, and what's at stake is personal and corporate privacy, and brand reputation.
A number of content-monitoring providers are stepping up to reduce customers' risk of data loss, and the next several months promise to be a pivotal time for broader customer deployments and increased technology development within this industry.
These days, it is not enough for network administrators to feel secure behind company firewalls. Some research indicates that more than half -- and as much as 80% -- of security breaches are caused by insiders with actions originating behind the firewall. Resellers are already seeing some of their clients blindsided by major data leakages, prompting them to scramble and shell out big bucks on content-monitoring solutions to keep closer tabs on who's sending what and to where.
Leak-prevention products are likely to become another layer of protection that monitors the network for suspicious behavior as network administrators look to protect companies' brand reputations, increase security, and ensure corporate and regulatory compliance.
These content-monitoring tools, typically network-based but also agent-based, inspect traffic at the content layer, not just the application layer. Solutions scan for and detect sensitive data, and mitigate through automated blocking of outgoing messages based on policy requirements. A number of vendors -- including Vontu, Reconnex, Oakley Networks, Vericept, Tablus, PortAuthority and Onigma -- provide network-based and/or desktop-based software to monitor and prevent data leaks.
These solutions also typically support compliance and policy creation capabilities. Pre-defined policy templates are usually available out of the box, along with the ability for customers to create their own custom policies using wizards. Out-of-box policies support compliance regulations such as Sarbanes-Oxley, and some pre-defined policies also support industry-specific best practices.
Most of these vendors also have relationships with encryption providers such as PGP in order to adapt and integrate with various types of enforcement capabilities. Because this technology integrates with traditional encryption tools, data-leakage products can provide granular enforcement policy by sender, recipient, content and channel. So, for example, if a legitimate email has credit card numbers attached but is not encrypted, many data-leakage prevention tools will be able to enforce the applicable policy.
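A sketch of how a policy keyed on sender, recipient, content and channel could be evaluated for the credit card case described above. This is an added example, not code from the article or from any vendor named in it; the domain, sender list, action names and the use of a Luhn checksum to cut false positives are all assumptions.

```python
import re
from dataclasses import dataclass

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
INTERNAL_DOMAIN = "corp.example"          # hypothetical internal mail domain
CARD_SENDERS = {"billing@corp.example"}   # hypothetical senders allowed to send card data

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Content rule: return digit strings that look like payment card numbers."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

@dataclass
class Message:
    sender: str
    recipient: str
    channel: str            # "email", "webmail", "im", "ftp"
    body: str               # cleartext as seen before any encryption gateway
    encrypted: bool = False  # True if the message will leave encrypted

def evaluate(msg: Message) -> str:
    """Return 'allow', 'require_encryption' or 'block' for an outgoing message."""
    if not find_card_numbers(msg.body):
        return "allow"                                  # content: nothing sensitive
    if msg.recipient.endswith("@" + INTERNAL_DOMAIN):
        return "allow"                                  # recipient: stays inside
    if msg.sender not in CARD_SENDERS:
        return "block"                                  # sender: not authorised
    if msg.channel == "email":                          # channel: can be encrypted
        return "allow" if msg.encrypted else "require_encryption"
    return "block"                                      # IM, webmail, FTP, ...
```

The sample card number used to exercise this is the widely published test value 4111 1111 1111 1111, not real data.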
Vendors in this young market have only a handful of customers in a few data-sensitive industries, such as the federal government and finance, but they are looking to broaden their markets in coming months to industries including retail, high-tech, and healthcare.
Enterprises interested in this technology will need to watch for key signs that the technology is ready for prime time. These include continued improvement in the detection accuracy of products (to avoid false positives), offerings that combine network-based and endpoint solutions, appropriate TCO for non-financial markets, and simplification of the configuration and maintenance requirements of the software through scaled-down versions of vendors' high-end offerings, which currently go hand-in-hand with costly professional services.
Furthermore, users will have to weigh the value of this new technology against newly emerging alternatives such as device leakage prevention products, which set policies on devices attached to the network. Therefore, there is probably a more immediate and significant market opportunity in consolidating this technology with traditional endpoint security and desktop management solutions in order to add value to core products and increase revenue opportunity for those providers.
Network administrators should also look for partnerships between providers of data-leakage prevention solutions and their traditional network infrastructure and threat-management providers in an effort to batten down the hatches on organizations that may employ workers who just talk too much.
Charlotte Dunlap is an analyst for Current Analysis, which provides competitive response to vendors, users and integrators. She has more than 15 years of experience covering high-tech/security issues as a journalist and analyst. She can be reached at firstname.lastname@example.org.