The only good news is that pricing for DLP endpoints has gone down dramatically from two years ago when they were in the $110 to $140 range but today are now in the $30 to $40 range. But the network appliance and discovery tool costs haven't changed, he noted.
"What we've learned over five or six years is that organizations overall seem to be buying more DLP than they need for the real-world case," Ouellet noted. "Routinely, they do not deploy all of the components within the two- to three-year timeframe."
However, the market has evolved over the last year to include a second track for DLP that Gartner is calling "Single Channel DLP," which often focuses on the sole task of monitoring e-mail and attachments and ensuring e-mail encryption is properly used. "It provides you with enough to get you by," he said. Costs in this "Single Channel DLP" area can be in the $5 range for e-mail monitoring per employee.
The ugly truth about DLP is that it's almost always being used for just monitoring employee mistakes or misbehavior concerning data transmissions, not blocking them.
"The cost of supporting blocking can be too much or network use is too much," Ouellet said.
But just using DLP for monitoring isn't necessarily a bad thing since the course many organizations are finding that is that automated warnings about DLP misdeeds can help employees to do better, and talking to them does help them improve. "It can be more effective than seeing a big red screen blocking it," he added.
DLP has several weak points, such as it can't filter for content when it's encrypted in a way the DLP system doesn't know how to de-crypt, and it can't make sense of content sent as CAD diagrams, graphics, pictures or non-text-based media. Vendors also said to seldom support Mac, Unix or Linux.
Gartner still puts out its coveted "Magic Quadrant" for DLP. But it has also refined how it categorizes the market somewhat so that it will now detail market leaders, niche players and "visionaries' according to how they appear to serve the separate markets of "small-to-mid-sized business (SMB)", "mid-sized enterprise," "large enterprise" and "international."
For instance, this June's analysis from Gartner showed RSA, Symantec, Websense, McAfee, CA and Trustwave (which acquired Vericept late last year) as options suitable for large enterprises, while Code Green, Palisade Systems, Websense, Trend Micro and Fidelis were regarded as a good fit for SMBs mainly concerned with a basic compliance need, such as meeting the Payment Card Industry (PCI) rules.
The "international" category is where a lot of work remains to be done, Ouellet said, because there's not a lot of multi-lingual support and "the management console is typically English-langauge only."