Digital Guardian asked a bunch of security experts (including me) for their predictions on where the Data Loss Prevention (DLP) market was going in 2016 and beyond. They collected 21 responses in a report on their blog. It’s an interesting read. A lot of us pointed to cloud, BYOD, and IoT as trends that would require change in how the market approaches the DLP problem. As I put it:
Cloud services for bread and butter functions like email and calendar are getting increased traction, a lot of it driven by Microsoft Office 365 as a replacement for on-premises Exchange servers. … [as] companies leverage the other services that come with Office 365, including SharePoint, OneDrive (cloud storage), Yammer (social media and microblogging), and other services. All of these move enterprise data and disclosure risk out of the enterprise.
In addition, despite policies to the contrary, enterprise users put data into cloud storage services. While Box, Dropbox, Microsoft, and Google all have enterprise offerings that allow companies to set up sanctioned file sharing services, users still persist in storing data in unapproved repositories.
There are a number of approaches out there, either for trying to secure data in cloud services, or baking DLP into enterprise applications such as Microsoft Office.
Clearly there’s going to be a market transformation and shakeout as we move towards DLP 2.0.
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs Andy moved to the financial services industry. There he worked on a large range of infrastructure design, deployment, and management projects, but is best known for his 15+ years in information and technology security.