Friday, October 12, 2007

DLP vendor race

I'm still in a data security mood, so those of you in the identity world can tune out this time round if you like...or if you want to broaden your horizons, read on :)

Remember when I said to implement a proper data leakage prevention (DLP) solution you need an agent on the endpoint? If you're new to the blog or if you're one of the lazy ones and don't bother reading my posts that go for longer than 2 paragraphs (you know who you are), go read about what I said here (this post somehow managed to get a mention on the Network Sentry blog at IT Business Edge - I don't know how).

Now that you're back, let's get to the point. Vontu are one of the main vendors that always get a mention when you talk DLP, but they've always only had a network based solution. What that meant was that they could only watch data flowing on the network and prevent it from leaving. Once a laptop leaves the corporate network, data could easily escape and no one would be the wiser. This is the main reason you need an agent. An autonomous one that doesn't need to be connected to the network to enforce security policies for information.

As I said, there have typically been 2 types of DLP vendors. Network centric ones, and endpoint centric ones. It seems Vontu agrees with what I said because they've realised they need to be at the endpoint to really get serious about being a DLP solution. In doing so, they are the first (that I know of) to take a serious stab at doing both.

They announced earlier this month that they now have an endpoint agent. I took a look at the functionality and while useful, is still quite a way behind what some of the other endpoint DLP vendors can do in terms of functionality. In other words, they're playing catch-up. The advantage they have is that if an organisation wants to go with a network centric approach (I don't really know why they would - although these tend to be cheaper) with some coverage on the endpoint (but not a lot) then they can go with Vontu.

Where Vontu may win out in the short term is in the marketing stakes. Organisation that are easily sold based on Powerpoint slides may be convinced that Vontu is the way to go. My money's on Vontu going out and saying "we're the only ones that cover all the bases for DLP because we do the network aspects and we cover the endpoint". It's very difficult to sell on feature function unless a customer really has specific requirements that one vendor can meet better than the other. And even then, the only way to prove it is in a bake-off, because everyone's going to say "yes" to most requirements.

I have no doubt Vontu will continue to add functionality to all their products. This can only be good for competition in the high profile space that's come to be known as DLP. The question is how fast can they run? Will they catch up in the endpoint game (unlikely unless they double the size of their development team because they've now got more products to work on)? What about the other vendors? How fast are they running? Do they care that Vontu are in the endpoint DLP space now (rhetorical question)?

Of course I'm just stating the obvious. In any new area of enterprise software, almost all the major players are small to mid-size companies/start-ups. It's usually the ones that run the fastest that will win out in the end. Not always, but it sure helps.

No comments: