Risk
12/27/2010
03:32 PM
Commentary
Commentary
Commentary
50%
50%

Why SMBs Aren't Buying DLP

Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.

Much has been written about the rapid growth of the Data Leakage Prevention (DLP) market. According to Gartner, the DLP market has grown at more than 80% annually since 2006, hitting $300mm in 2009. That's a mighty growth rate by any standard, and growth in excess of 20% is expected to continue for the foreseeable future. But the sales expectations may be a red herring. That same vaunted Analyst firm has also recently written that DLP is becoming, in effect, very expensive shelfware for the enterprises that have driven its rapid growth. And small and medium businesses (SMBs), which are needed to sustain DLP's growth as they follow the early corporate adopters, aren't buying at rates that would be expected for such a critical application as data protection.

The "shelfware" conclusion is puzzling at first glance -- the large businesses who have bought DLP solutions typically have the IT expertise and endless resources to tackle major deployments. They've solved much bigger problems, such as ERP systems for example. And if it's true that enterprises are having trouble figuring out DLP, it is even more difficult to imagine how SMBs will ever adopt this same technology.

The "fix" for this emerging problem is, thankfully, staring us right in the face. But to understand the fix its first important to put the challenges to DLP adoption into focus. There are three, and until solved they will continue to limit the growth of new buyers -- especially SMBs -- while also frustrating new clients into not completing deployment:

1. Excessive costs to purchase and deploy

2. Complexity of deployment

3. Lack of complete solution provided by current DLP offerings

The first two are obvious enough. Cost is almost always the first and largest hindrance to technology adoption, and since DLP was initially developed for large enterprises managing tremendous amounts of sensitive data, it's no surprise that the technology is built to a high standard and comes with an equally high price tag. For businesses that can rationalize the purchase -- think enterprises with many seats to spread the per-user cost -- the next challenge becomes complexity of deployment. Inserting a large device into the corporate network and then connecting every PC and server in the network to that device for the purpose of approving or denying outbound emails, saving data to removable media or printing is quite a task -- one that requires many expensive hours to set up, fine tune, and then administer. This complexity challenge is at the heart of Gartner's "shelfware" assertion.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9734
Published: 2015-06-30
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

CVE-2014-9735
Published: 2015-06-30
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin a...

CVE-2015-1913
Published: 2015-06-30
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which mak...

CVE-2015-1919
Published: 2015-06-30
Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2015-1923
Published: 2015-06-30
Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report