Why SMBs Arent Buying DLP

  /     /     /  
Publicated : 22/11/2024   Category : security


Why SMBs Arent Buying DLP


Cost, complexity, and a dearth of complete solutions limit adoption rates for small and midsize businesses; revamping the architecture and packaging of DLP solutions is key to winning the SMB market.



Much has been written about the rapid growth of the Data Leakage Prevention (DLP) market. According to Gartner, the DLP market has grown at more than 80% annually since 2006, hitting $300mm in 2009. Thats a mighty growth rate by any standard, and growth in excess of 20% is expected to continue for the foreseeable future. But the sales expectations may be a red herring. That same vaunted Analyst firm has also recently written that DLP is becoming, in effect, very expensive shelfware for the enterprises that have driven its rapid growth. And small and medium businesses (SMBs), which are needed to sustain DLPs growth as they follow the early corporate adopters, arent buying at rates that would be expected for such a critical application as data protection.
The shelfware conclusion is puzzling at first glance -- the large businesses who have bought DLP solutions typically have the IT expertise and endless resources to tackle major deployments. Theyve solved much bigger problems, such as ERP systems for example. And if its true that enterprises are having trouble figuring out DLP, it is even more difficult to imagine how SMBs will ever adopt this same technology.
The fix for this emerging problem is, thankfully, staring us right in the face. But to understand the fix its first important to put the challenges to DLP adoption into focus. There are three, and until solved they will continue to limit the growth of new buyers -- especially SMBs -- while also frustrating new clients into not completing deployment:
1. Excessive costs to purchase and deploy
2. Complexity of deployment
3. Lack of complete solution provided by current DLP offerings
The first two are obvious enough. Cost is almost always the first and largest hindrance to technology adoption, and since DLP was initially developed for large enterprises managing tremendous amounts of sensitive data, its no surprise that the technology is built to a high standard and comes with an equally high price tag. For businesses that can rationalize the purchase -- think enterprises with many seats to spread the per-user cost -- the next challenge becomes complexity of deployment. Inserting a large device into the corporate network and then connecting every PC and server in the network to that device for the purpose of approving or denying outbound emails, saving data to removable media or printing is quite a task -- one that requires many expensive hours to set up, fine tune, and then administer. This complexity challenge is at the heart of Gartners shelfware assertion. The third challenge is more telling, and gets us closer to understanding the fix. Assuming you hurdle the initial cost and complex deployment, theres a good chance you still end up unhappy with your new DLP system. Why? Two reasons: 1) your success relies on the imperfect knowledge of your programmers; and 2) todays DLP systems are incomplete. A DLP solution is simple in practice: you set up a rule with a trigger, and when the trigger is set off the DLP system denies the action. However, most of us are not omniscient and cannot anticipate all the rules that are needed to prevent data leakage. We dont have to look far for a good analogy. A bank wants to avoid money leakage, and thus installs a lock and an alarm on its door, and then cameras that record. Why have the camera if you have locks and an alarm? Because you dont know what you dont know, so if youre system is foiled you want to be able to replay the video tape to see who did it and most important, how they did it. Current DLP systems do not include this record functionality and thus provide clients no feedback loop for adjusting rules and, most importantly, no forensics when a breach does occur.
So, in effect, most DLP buyers soon discover that theyre taking a shot in the dark and hoping for the best.
The answer to these problems lies in the architecture and the packaging. Lets start with architecture. Current DLP solutions have been designed as network-based systems, which make them expensive to buy, complex to deploy, and blind to anything that occurs outside of the rules set by their human administrators. Further, theyre protecting data near its source, not where its being used, which is where the greatest risk of breach lies. An endpoint DLP solution gives businesses complete visibility and control of the users behavior since the endpoint is where all the action is. An endpoint agent can allow you to record all computer activity (whether or not a rule is triggered), creating a feedback loop administrators can use to perfect policies over time, as well as providing a play-back feature if and when there is a breach.
Now, the packaging. Delivering the endpoint solution in a Software-as-a-Service (SaaS) model solves the more obvious and easier problems of cost and deployment complexity. With a SaaS solution, businesses effectively eliminate the upfront purchase and deployment costs.
To be sure, protecting data wherever it resides or is in use -- whether in storage, on the network or at the endpoint -- should be a critical objective for any business. But if DLP providers want those 20%-plus growth rates to go on forever, they not only need happy enterprise clients, they ultimately need SMBs to buy the vision. And to make that happen, the endpoint is the place to be.
Brad Miller is CEO of
Awareness Technologies
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Why SMBs Arent Buying DLP