Data Loss Prevention Market Leaders

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free

Data Loss Prevention
Market Leaders

by James G. Barr

Docid: 00021191

Publication Date: 1812

Report Type: MARKET


Data loss prevention (also known as data leak prevention or outbound content
management) is designed to protect
an enterprise against the financial loss, operational impact, and brand damage
associated with data breaches, especially high-profile exposures
involving employee or customer personally identifiable information (PII). Among
data loss prevention providers are Symantec, Forcepoint, Digital Guardian, and

Report Contents:

Executive Summary

[return to top of this report]

Data loss prevention (DLP)
tools are software programs that monitor access to – and help prevent the
unauthorized distribution of – sensitive data. Data loss prevention, also known as "data leak prevention" or
"outbound content management," is intended to protect an enterprise against the financial loss, operational impact, and brand damage
associated with data breaches, especially high-profile exposures
involving employee or customer personally identifiable information (PII). Also, by helping safeguard confidential or proprietary information, data loss
prevention tools help enterprises comply with data secrecy
standards, like those imposed by the Health Insurance Portability and
Accountability Act (HIPAA).

Essential DLP Benefits

Data loss prevention helps provide three essential benefits:

  1. Enabling compliance with relevant data security and privacy standards.
  2. Monitoring the movement of sensitive data.
  3. Preventing critical files from exiting the enterprise via specific
    egress points.1

How DLP Works

Cara Garretson, in a PC World article, explained that DLP tools catch sensitive data in a number of ways. The
simpler methods employ a dictionary of preset terms – including Social Security and credit card number formats,
as well as regulatory terms related to sensitive data – and then scan user activity for these terms. More
complicated systems offer language analytics for
determining whether data should be considered sensitive or
not. This is often achieved by capturing all the data
moving around a company, indexing it, and recommending what
should be protected. These approaches can be helpful for
classifying information that isn’t easily identified as
sensitive, such as intellectual property that could be
contained in an e-mail text or as part of a PowerPoint

"Tools generally offer policy-creation capabilities to
help establish rules regarding what data can and cannot
leave the corporate network. Many offer some sort of log
or audit capability, allowing administrators to review
user behavior and better understand the conditions
surrounding policy violations."2

In most cases, data loss prevention tools
are designed to prevent the accidental or unintentional release of
sensitive information which, according to one estimate, accounts for 98
percent of all leaked data. If a disgruntled employee, internal
contractor, or external hacker is determined to steal certain sensitive
data, he or she can probably escape DLP detection.

DLP Market Leaders

Among the leading data loss prevention providers are Symantec, Forcepoint, Digital Guardian,
and McAfee.3

Market Dynamics

[return to top of this report]

Full-Function DLP

To be considered a full-function DLP offering, a solution must manage three
types of data:

  1. Data in Motion – Monitoring and blocking, as appropriate, undesirable e-mails,
    instant messages (IMs), Web blog postings, etc.
  2. Data in Use – Monitoring how data is used or misused at endpoints, preventing,
    for example, the downloading of data from a laptop to a USB flash drive
    (when such action is prohibited by policy).
  3. Data at Rest
    Enabling the application of enterprise information polices to data stored on
    enterprise networks and endpoints.


While cost is a factor in the selection of any enterprise product, the price
of a DLP solution is often insignificant when compared to the expense of NOT
having DLP capabilities. DLP, after all, is a defense against:

  • Million dollar fines, which might be levied by federal and state
    regulators in the event of a sensitive data leak.
  • The loss of stakeholder trust, as occasioned by the loss of personally
    identifiable information (PII) – a loss that might translate into fewer
    customers and less revenue.

In this environment, many enterprises opt for the DLP solution with the best
features, and the best pedigree; in the latter case, a provider like Symantec with a proven data security track record.

Governmental Mandates

The growing popularity of data loss prevention is being driven by
governmental mandates: laws, regulations, and statues, especially in the
Financial and Healthcare industries, that:

  • Demand strict adherence to data security and privacy standards.
  • Require public disclosures of sensitive data breaches.

The European Union (EU) General Data Protection Regulation (GDPR), which went into
effect in May 2018, promises to be a major influence in the development of DLP

Leak Opportunities

The concept of data loss prevention is important because the opportunity for
sensitive data to literally leak out of the enterprise is growing as more
avenues of enterprise access are being established. In today’s information
"ecosystem", data is being sent and received by means unknown even a few years
ago, modes such as:

  • Texting and instant messaging (IM)
  • Social networking, as with Facebook and Twitter
  • Smartphones, representing, for some, the "consumerization" of IT
  • Tablets, like Apple’s iPad
  • Virtual machines, in which one server "image" communicates with another
    server image
  • Data movement to and from the cloud

A modern DLP solution must prevent data loss across all these interfaces.

Implementation Issues

According to analyst
Brian Reed, DLP implementations can be problematic. For example:

  • "Organizations still struggle with communication between data owners and those
    responsible for administering DLP systems, leading to technology-driven – rather
    than business-driven – implementations.

  • "Many clients who deploy enterprise DLP systems struggle to get out of the
    initial phases of discovering and monitoring data flows, never realizing the
    potential benefits of deeper data analytics or applying appropriate data

  • "DLP as a technology has a reputation of being a high-maintenance control – incomplete deployments are common, tuning is a never-ending process, lack of
    organization buy-in is low, and calculations of ROI are complex.

  • "DLP simply does not protect all data nor cover all loss scenarios, and
    prevention of a data flow is not always attained or even desired by an
    organization. The simple fact is many organizations bought an enterprise DLP
    system and simply used it for a subset of its full capabilities, with the two
    most common use cases being to address some regulatory compliance requirement or
    to monitor the movement of specific intellectual property.

  • "Very few of the vendors in the enterprise DLP market even acknowledge that they
    are trying to solve a DLP problem – most have taken a shift toward employee
    monitoring, insider threats and user behavior analytics as their primary focus."4

Market Leaders

[return to top of this report]

Among the leading data loss prevention providers are:

  • Symantec
  • Forcepoint
  • Digital Guardian
  • McAfee5


Symantec offers:

  • Data Loss Prevention – Secures vital information and prevents
    data leaks on-premise, mobile, or in the cloud.
  • Data Loss Prevention Cloud Service for Email – Helps enterprises
    quickly move their email to the cloud without compromising security by
    combining data loss prevention and email security.
  • Data Loss Prevention Cloud and Symantec CloudSOC – Eliminates
    data loss blind spots in cloud apps via an integrated cloud security
    offering that combines DLP and Cloud App Security Broker (CASB)


Forcepoint Data Loss Prevention (DLP) helps employees:

  • Employees Discover and Control All of Their Data – Empowers
    employees to work across devices, connect to multiple networks, and work
    within cloud apps with Forcepoint Data Loss Prevention (DLP).
  • Employees Securely Share Data With Third Parties – Controls and
    encrypts their data when it moves outside the enterprise.
  • Administrators Identify Their Riskiest Users in Seconds – Reduces
    false positives and isolates problems faster using Incident Workflow.

Digital Guardian

Digital Guardian Endpoint DLP finds, understands, and protects all data
types including structured data such as PII and unstructured data such as
intellectual property.

A comprehensive context and content awareness capability sees events at
the system, user, and data level. This broad perspective enables more
effective visibility and DLP controls for all of an organization’s sensitive


McAfee Data Loss Prevention Monitor (McAfee DLP Monitor) is a
high-performance data loss prevention solution that can analyze all internet
communications and determine if information is going where it shouldn’t. It
helps an enterprise minimize the workload for its security team, meet
compliance requirements, and safeguard intellectual property and other vital

McAfee DLP Monitor is available as a hardware appliance with the
option of a virtual appliance.

[return to top of this report]

Market Growth

The global enterprise DLP market should witness a compound annual growth rate
(CAGR) of 16.28 percent over the period from 2018 to 2023, increasing from
$1.198 billion in 2018 to US$2.546 billion by 2023.6

Gartner believes "over the next few years, DLP will evolve to form a core set
of capabilities that will be available within specific cloud infrastructures and
applications, and even embedded into client operating systems. We are
already seeing this with Microsoft’s approach to securing information within
Office 365 and Azure Information Protection."7

DLP Prospects

According to Forrester Research, "The DLP
suite market continues to grow because more [security and risk] pros see DLP as a way to enforce
policies for compliance, privacy, and intellectual property (IP) protection.
This market growth is largely because DLP suites can provide DLP capabilities
across all channels of data loss under a single console to apply consistent

suites evolve, improved IP protection, information management, and endpoint
visibility and control capabilities will dictate which providers will better
meet changing enterprise demands. Capabilities such as inspection of encrypted
data and traffic continue to be important. Vendors that can provide these
capabilities will deliver a comprehensive data protection suite that goes beyond
traditional DLP."8


[return to top of this report]

Must-Have Security

The future of data loss prevention software is bright, since:

  • The promise of regulatory compliance holds a strong attraction for
    enterprise executives.
  • The failure to deploy a data loss prevention system or service might be
    considered negligent from a technical and fiduciary perspective; in
    the same way that failure to deploy a robust anti-virus application or
    intrusion prevention system would be deemed intolerable.

Data Classification

The only major impediment to implementing a DLP solution is establishing
and enforcing a data classification policy – something that many enterprises
have successfully avoided. Since data loss prevention programs are
designed to protect sensitive data, an enterprise must define which data
elements fall within that category. As a starting point, enterprise
officials should consider their regulatory obligations, like
Sarbanes-Oxley or HIPAA. They should then address the classification
of personally identifiable information (PII), both employee and customer. Finally, they should determine what constitutes a "trade secret" or other form
of proprietary data.

Flexible Response

From an administrative perspective, the acceptance of DLP solutions will
depend on the flexibility of their response options. Data loss prevention tools should be capable of a tiered response to data
security violations, such as:

  • Alert the data administrator.
  • Offer the data user an opportunity to explain and/or
    correct a potential violation (self-remediation).
  • Block the offending transaction.

Pilot Program

The capabilities of a particular DLP solution must match the characteristics
of the enterprise information ecosystem it supports, especially for the
protection of data in motion. For example, an enterprise that relies on
smartphones for business must select a solution that promises reliable data loss
prevention for smartphones and other mobile information devices. To ensure
the right choice, prospective enterprise customers should institute one or more
pilot programs where they can weigh the usability, effectiveness, and
performance of competing DLP brands.

DLP Does Not Operate In Isolation

Data loss prevention software is designed to augment other data
protection technologies; in particular, backup and recovery.

Data loss prevention is just one element in a defense-in-depth strategy that
every enterprise should employ. As Gartner observes, DLP "is not the
answer for every conceivable means of data loss or theft. At present, even
with extensive DLP coverage across endpoints,
networks and data repositories, there are still gaps and data flows where data
can leak."9

[return to top of this report]


About the Author

[return to top of this report]

James G. Barr is a leading business continuity analyst and

business writer with more than 30 years’ IT experience. A member of

"Who’s Who in Finance and Industry," Mr. Barr has designed,

developed, and deployed business continuity plans for a number of Fortune

500 firms. He is the author of several books, including How to

Succeed in Business BY Really Trying, a member of Faulkner’s Advisory

Panel, and a senior editor for Faulkner’s Security Management

Practices. Mr. Barr can be reached via e-mail at

[return to top of this report]