Report Card: 2007 Incite #6 - Patching the Leaks

OK, we've passed the half-way mark. Here is the Incite on Leak Prevention.

Incite #6 - Patching the Leaks

More high profile privacy train wrecks force many customers to just buy something to address the information leakage problem. Laptop encryption turns out to be far from a panacea, while multi-protocol leak prevention gateways remain in high demand. Users demand integration at both ends (client and perimeter), foreshadowing more consolidation. Users finally figure out data protection is more of a process issue, forcing Pragmatic CSOs to ask tough questions of senior IT managers on how data is handled and who has access to it.

Days of Incite Link: http://securityincite.com/blog/mike-rothman/2007-doi-day-6-patching-the-leaks
Incite Redux Link: http://securityincite.com/blog/mike-rothman/incite-redux-july-11-2007

Final grade: B

“More high profile privacy train wrecks…” Have any truer words been spoken over the past year? The list goes so far beyond just TJX and a lot has to do with lost laptops, but there have also been insider thefts, compromised machines and lost backup tapes. So the only thing you can pretty much count on is that if you think your private information is actually private, you are mistaken.

So you do you address the issue? The 2007 Incite talks about laptop encryption and DLP. Let’s pop the DLP bubble first. That market is early, and it’s also small. Symantec paid more than 3 times the entire market size for Vontu, but there is certainly a lot of precedent for Symantec paying up when they think they need something (Brightmail anyone?). EMC also bought Tablus, which means there aren’t too many independent DLP vendors left.

But that’s the simplistic vendor view of the world. What about customers? Basically, they still need to figure out what they are watching for. The current generation of tools does a decent job of checking against dictionaries and regular expressions. Catching stuff you don’t know about is still pretty dicey.

That being said, it is all about the content, and that means that inspecting the content is critical. It won’t be a standalone function over time, but the algorithms and content expertise required to do DLP right will prove valuable for every major security company to control. So expect more DLP consolidation next year, as the process becomes a more engrained part of security defenses.

What about laptop encryption? The answer is yes. It’s hard to envision how larger organizations can figure out how to protect their data, which increasingly resides on mobile devices, without resorting to laptop encryption. Maybe they are lucky and have all Macs, so they just turn on FileVault. Probably not, who has all Macs?

What about Vista’s BitLocker? Again, it’s pretty unlikely that your organization is all Vista (and given how badly Vista sucks, it probably shouldn’t be, but I digress), so you are looking for something to fill the gap. There are actually lots of choices to buy an encryption widget, and this is another market that will see further consolidation next year. Every endpoint security vendor needs to have this technology as part of their suite – whether they own it (like Check Point or McAfee) or do an OEM.

As hard as most organizations work to do the right thing in protecting your data, McNealy was right. You have no privacy – get over it.

Check out the other posts in the Report Card series.