September 21, 2009, 11:58 AM — Data-loss prevention products can potentially save organizations a bundle by preventing the escape of sensitive information. But the six-figure starting price for a typical enterprise deployment of host and gateway-based DLP is tough for many to swallow.
The good news is that prices are expected to fall heading into next year as more vendors enter the fray and more choices for how to roll out DLP emerge.
"If you're dealing with a couple thousand seats for DLP, expect $250,000 to half a million," says Forrester Research analyst Andrew Jacquith. "But we will see price erosion because of competition."
(Of course, vendors are fond of pointing out that even today's prices aren't too high when you consider the cost of responding to a data breach. A Ponemon Institute study has tagged this at more than $6 million on average, or $202 per customer record, plus the loss of good reputation and possible lawsuits.)
The market to prevent data leaks got going in the early 2000s and has gained momentum of late, though even successful vendors still tend to boast of customer numbers in the hundreds rather than thousands. The market is dominated by traditional antimalware vendors that bought out DLP start-ups, though independents such as Verdasys remain in the mix as well. Newcomers will include the likes of antimalware vendor Sophos, which is expected this fall to introduce a DLP offering of its own making.
Jacquith says when enterprises determine an immediate need for DLP, the usual course has been to first turn to a security vendor they already rely on for other things.
"If it's a big McAfee shop or a Symantec shop, they'll look there first," he says. In Forrester's analysis, the market leaders are Websense, McAfee, Symantec, CA, EMC security division RSA and Verdasys. (For more on DLP products, read our recent test on perimeter-based tools.)In addition to DLP becoming available from more vendors, it will wind up getting embedded in existing software and hardware, including switches, servers and even laptops. It may all lead to the "content-aware enterprise," a phrase coined by Gartner analyst Eric Ouellet, who says, "It's about sprinkling DLP everywhere."
Buying into DLP
For those investing in DLP today, the need is straightforward.
"We need to protect patient information or other business information," says Larry Whiteside, CISO at New York City-based Visiting Nurses, which has 13,000 employees, with 3,500 nurses providing home assistance and facilitating hospital transition care for some 30,000 patients in the greater New York area.