Why I am so Positive About DLP
Welcome to the Symantec DLP Blog. In my inaugural post, I'd like to share with you my basic sense of optimism in where Data Loss Prevention is going. If you already know me, or have heard me present, you already know my confidence in DLP is now high and rising.
From what I see in the field, the magnitude of impact DLP will make in Information Security is hard to over-estimate. In my conversations with CISOs, security practitioners, and other entrepreneurs, there are numerous signs that Data Loss Prevention has finally arrived. Not all of these signs are clearly visible to people working outside of DLP, but they are definitely here. In the months ahead in this forum, expect to see many reasons why you should be paying close attention to this interesting corner of the Information Security space.
My high level of optimism may be hard for some members of the security community to understand. There's a lot of cynicism in the security business and, just by the nature of the profession, a lot of negativity. Back in 2001 when I started working on the idea of what eventually became Vontu (later acquired by Symantec in 2007), you'd have to be a wildly committed optimist to think DLP would one day be a big deal. To the charge of "wild optimist" I plead guilty. From the very beginning, many thought I was a lunatic to basically bet my house that I could get a venture off the ground that would address insider threats. Not only was 2001 a hostile funding climate (known by many as the Ice Age of Venture Capital) but many practitioners told me they'd never even heard customers ask for a product like DLP. I was even told by a lead security analyst (who is now a recognized expert on DLP) that my sketch of a product was too complex and no one really wanted a solution to this problem anyway. To be a believer back then was a rather huge leap of faith.
For many active bloggers and pundits, the current trends in reported rates of data breach are reasons to be highly pessimistic. There's now a constant drumbeat of ugly press coverage of data breach events that are, at best, highly embarrassing events for public entities and produce, at their very worst, catastrophic consequences at a personal, professional, and financial level. Data breach rates now are unacceptably high and at this point, your average consumer of banking, retail, or health-care services is likely overwhelmed by the pace of breach disclosure reports hitting the press. In this context, it's hard to see cause for any optimism at all for the prevention of data loss.
Nowadays, my optimism comes not from faith but from personal experience with the leading vendor in DLP. There are many sources of this optimism-inducing experience, but if I had to choose only a few, I'd pick the following three.
1. DLP is now a priority for enterprises. A big reason for my enthusiasm for this space is that DLP now regularly appears as a top-ranked security priority across major enterprises all over the US.
2. The worldwide appetite for DLP looks quite substantial. The acquisition by Symantec has enabled huge amounts of leverage in sales and marketing resources to accelerate current domestic activity, expand our reach into international theaters, and expand our R&D investments.
3. Customer success speaks for itself. My third (and primary) source of optimism in DLP is what we see at customer sites. The product most definitely does the job. Customers report big declines in measured rates of data exposure at companies running our DLP solution. We've helped numerous customers through critical "diving catches" where Symantec was the first and last line of defense against critical data breach events. Breaches that would definitely have made headlines. Breaches that would have created personal and financial havoc for the near-victims. Breaches we prevented.
Today, I see a trend of security practitioners, vendors, and fellow entrepreneurs who share my optimism and seek to share a sense of personal responsibility in responding to the challenge posed by the high rates of data loss. There's a corresponding gradual erosion of the cynicism surrounding the seemingly intractable nature of the data breach problem. The remaining cynics need to realize that the majority of the serious data breach threat vectors are now *treatable* problems with Data Loss Prevention technologies. For that reason, I'll wrap up this inaugural post with a call to action.
We practitioners can make a difference. If you work in Information Security for a substantially sized organization that has customer data, intellectual property, or confidential data of any kind, and if you are not running a Data Loss Prevention solution, I'd like to ask you to consider how DLP can do some good for your company. Who knows? It's possible (even likely) that somewhere out there right now at your bank, hospital, or insurance carrier, we are already in place, protecting your personal data.
Founder, Data Loss Prevention Division