Single Channel DLP “Excluded” from Gartner DLP MQ?
There is some chatter in and out of DLP circles about “single channel DLP” solutions. The question is, should these solutions be included in that exclusive fraternity of solutions known as DLP or should the definition of DLP be altered to allow their inclusion?
By way of definition, single channel DLP would be solutions that do not address the generally-accepted DLP requirements of network, endpoint and discovery (aka data in motion, in use and at rest). Specifically, there have been some mentions of single channel DLP in the following articles/posts on the Internet:
Network World article by Ellen Messmer in which “Single Channel DLP” is mentioned
In the Network World article, the term single channel DLP is attributed to Gartner and described as “a second track for DLP…which often focuses on the sole task of monitoring e-mail and attachments and ensuring e-mail encryption is properly used.” Eric Ouellet is quoted as saying, “What we’ve learned over five or six years is that organizations overall seem to be buying more DLP than they need for the real-world case. Routinely, they do not deploy all of the components within the two- to three-year timeframe.”
My interpretation of Ouellet’s comments combined with the reference to single-channel DLP, is that such a solution may be suitable for some companies, given the fact that some organizations do not deploy all channels (network, endpoint and discovery) during the course of a two- to three-year deployment.
The LinkedIn DLP Forum post includes a comment from Joshua Block, vp bizdev at Safend, lamenting the fact that to use a definition of DLP as solutions that cover *all* channels (unfairly?) excludes “a large number of vendors.” Single channel DLP vendors were, in fact, left out of the recently-released 2010 Gartner Magic Quadrant for Content-Aware DLP. One requirement for inclusion in this MQ is that solutions be able to “detect sensitive content in any combination of network traffic, data at rest or endpoint operations.” The simple fact is that single channel DLP solutions do not provide this functionality.
Joshua goes on to say that many single-channel DLP solutions partner and/or OEM in order to provide complete coverage of network, endpoint and discovery. I say vendors who partner or OEM in order to provide complete DLP channel coverage should be included in future DLP comparisons, however, these vendors will need to keep in mind, they’ll be going up against solutions with full integration between all channels. Sometimes no showing at all in an analyst review is better than a poor showing.