The Burton Group have released the results of their research that concludes that Symantec (Vontu), RSA (Tablus) and Websense (Port Authority) are the leading DLP vendors.
Burton’s choice is indicative of the Americanization of the information security space, where government compliance regulation and large security vendor marketing agendas appear to drive US customer security decisions. (Note that compliance is not equivalent to security for several fundamental reasons as I noted in my post Compliance is the new security standard)
Outside the US, the story is a bit different.
We hardly encounter RSA in EMEA as a DLP solution – RSA Security have the largest development group dedicated to data loss prevention and that counted for a lot in the Burton study. I’m not sure why. Great software today is usually written by small teams, I would not equate number of programmers with quality of software.
I recently met Bill Nagel from Forrester and he told me that in a seminar that Forrester ran recently (September 09) in Holland – none of the CISO’s at the seminar were planning a DLP implementation this year and only 20% were considering a DLP implementation in 2010.
Clients I speak with in EMEA are less interested in enterprise information protection (although the advantages are patently clear, the technology is patently not there yet…) and more interested in exploring tactical solutions like DLP “Lite” – monitoring SMTP and HTTP channels for data security violations and using that information to enforce business process and improve employee behavior.