Risk
12/27/2010
03:32 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Why SMBs Aren't Buying DLP

Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.

Much has been written about the rapid growth of the Data Leakage Prevention (DLP) market. According to Gartner, the DLP market has grown at more than 80% annually since 2006, hitting $300mm in 2009. That's a mighty growth rate by any standard, and growth in excess of 20% is expected to continue for the foreseeable future. But the sales expectations may be a red herring. That same vaunted Analyst firm has also recently written that DLP is becoming, in effect, very expensive shelfware for the enterprises that have driven its rapid growth. And small and medium businesses (SMBs), which are needed to sustain DLP's growth as they follow the early corporate adopters, aren't buying at rates that would be expected for such a critical application as data protection.

The "shelfware" conclusion is puzzling at first glance -- the large businesses who have bought DLP solutions typically have the IT expertise and endless resources to tackle major deployments. They've solved much bigger problems, such as ERP systems for example. And if it's true that enterprises are having trouble figuring out DLP, it is even more difficult to imagine how SMBs will ever adopt this same technology.

The "fix" for this emerging problem is, thankfully, staring us right in the face. But to understand the fix its first important to put the challenges to DLP adoption into focus. There are three, and until solved they will continue to limit the growth of new buyers -- especially SMBs -- while also frustrating new clients into not completing deployment:

1. Excessive costs to purchase and deploy

2. Complexity of deployment

3. Lack of complete solution provided by current DLP offerings

The first two are obvious enough. Cost is almost always the first and largest hindrance to technology adoption, and since DLP was initially developed for large enterprises managing tremendous amounts of sensitive data, it's no surprise that the technology is built to a high standard and comes with an equally high price tag. For businesses that can rationalize the purchase -- think enterprises with many seats to spread the per-user cost -- the next challenge becomes complexity of deployment. Inserting a large device into the corporate network and then connecting every PC and server in the network to that device for the purpose of approving or denying outbound emails, saving data to removable media or printing is quite a task -- one that requires many expensive hours to set up, fine tune, and then administer. This complexity challenge is at the heart of Gartner's "shelfware" assertion.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web