Risk
12/27/2010
03:32 PM
Commentary
Commentary
Commentary
50%
50%

Why SMBs Aren't Buying DLP

Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.

Much has been written about the rapid growth of the Data Leakage Prevention (DLP) market. According to Gartner, the DLP market has grown at more than 80% annually since 2006, hitting $300mm in 2009. That's a mighty growth rate by any standard, and growth in excess of 20% is expected to continue for the foreseeable future. But the sales expectations may be a red herring. That same vaunted Analyst firm has also recently written that DLP is becoming, in effect, very expensive shelfware for the enterprises that have driven its rapid growth. And small and medium businesses (SMBs), which are needed to sustain DLP's growth as they follow the early corporate adopters, aren't buying at rates that would be expected for such a critical application as data protection.

The "shelfware" conclusion is puzzling at first glance -- the large businesses who have bought DLP solutions typically have the IT expertise and endless resources to tackle major deployments. They've solved much bigger problems, such as ERP systems for example. And if it's true that enterprises are having trouble figuring out DLP, it is even more difficult to imagine how SMBs will ever adopt this same technology.

The "fix" for this emerging problem is, thankfully, staring us right in the face. But to understand the fix its first important to put the challenges to DLP adoption into focus. There are three, and until solved they will continue to limit the growth of new buyers -- especially SMBs -- while also frustrating new clients into not completing deployment:

1. Excessive costs to purchase and deploy

2. Complexity of deployment

3. Lack of complete solution provided by current DLP offerings

The first two are obvious enough. Cost is almost always the first and largest hindrance to technology adoption, and since DLP was initially developed for large enterprises managing tremendous amounts of sensitive data, it's no surprise that the technology is built to a high standard and comes with an equally high price tag. For businesses that can rationalize the purchase -- think enterprises with many seats to spread the per-user cost -- the next challenge becomes complexity of deployment. Inserting a large device into the corporate network and then connecting every PC and server in the network to that device for the purpose of approving or denying outbound emails, saving data to removable media or printing is quite a task -- one that requires many expensive hours to set up, fine tune, and then administer. This complexity challenge is at the heart of Gartner's "shelfware" assertion.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-0967
Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2015-0968
Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0969
Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0970
Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.