Apps to stop data breaches are too complicated to use
Vendor: DLP is like 'boiling the ocean'; most customers don't even encrypt hard drives
Considering the recent string of high-profile, high-cost data breaches (Sony, Epsilon, Texas), and the existence of a whole category of security software designed to keep information from doing things it's not supposed to, even inside the firewall, you have to wonder why Data Loss Protection isn't more popular.
Because it's too damn complicated, that's why, at least according to some of the people who sell it.
DLP is the "most disappointing" portion of the security market, primarily because of the amount of time it takes companies to identify the data they want to protect, create profiles and taxonomies to categorize it, and put in place the software that will protect it, John Vecchi, head of global product marketing for security vendor Check Point, told a Register reporter at the company's annual conference today.
Impressively sophisticated applications that can differentiate top-secret plans for next year's product from ho-hum plans for one from five years ago – and apply security policies that don't allow secrets to be copied or carried out of a secure network, for example – can take two years to fully implement, he said.
That "boil the ocean" approach doesn't deliver much benefit until all the pieces are in place, which makes even companies enthusiastic about automating their data protection shy away from the work of actually doing it.
That's a problem for companies like his that develop the software, Check Point CEO Gil Shwed said in his keynote.
A bigger problem is the tendency of customers to not use even the security products they've already bought.
Seven out of 10 companies don't encrypt data on laptops and 87 percent don't encrypt USB or portable devices, according to a survey released by Check Point in December.
A study from the International Association of Information Technology Asset Managers and vendor 1E, Ltd. showed U.S. companies waste $12.3 billion in licenses for software no one uses and 10 percent of new software purchased is never installed at all.
Security systems (intrusion protection, for example) are often left in passive mode, which logs unauthorized attempts at penetration but doesn't identify attackers or actively block them from making another try.
"It's a mature market – please turn it on," Vecchi told TheReg.