Latest Newsletter
Bloor Newsletter: November 2009
Contact Us

Tell A Friend
Send this page to a friend or colleague:


Further Information
If you are interested in any product or service from Bloor:

RSS Feeds

Home > About > Company News > News Item

Nigel Stanley describes the Data Protection market – with three free reports

Published: 07 May, 2008

Three new reports on aspects of the IT security market have been produced by Bloor’s IT Security Practice Leader Nigel Stanley. Each of these is free (subject to registration).

Enterprise Data Protection describes this whole market and where within it the vendors’ products are positioned. It is based around the rigorous Bullseye open methodology for researching IT products and markets (available from the Bullseye Foundation). This provides a standard method for collecting and analysing product and vendor data, and demands a very thorough, consistent and unbiased assessment of an IT market sector and the players and products within it.

Nigel says that while IT security had formerly been focused on securing organisational perimeters, it had been realised that these perimeters quickly broke down through increasing demands of mobile workers, closer business relationships, outsourcing and other organisational challenges. This led to ‘IT security de-perimeterisation’. Concurrently, increased public awareness and global regulations made the consequences of data breaches a significant business issue; so there is greater emphasis on securing the data itself by detecting and protecting the data at risk.

This trend has triggered Nigel’s two market updates. This type of data security is now delivered by two new technologies – data leak prevention solutions and loss protection using encryption...

Data Leak Protection (also called ‘extrusion prevention’ by some vendors) is the term used to describe systems and technologies put in place to stop the loss of data outside the organisation’s control and authorisation – right down to detecting if data is likely to be copied away via e-mail or USB memory stick. Data loss is a prevalent problem which has led many organisations into legal problems and damaged reputations. Clearly prevention is better than remedial action after the event, so this has led to an upsurge in systems - and hence a new market which Nigel here describes.

Data leak prevention technologies can be advanced because they need to determine the validity of a piece of data being moved from one place to another without stopping legitimate business access to the data. Some systems include analysis data traffic patterns over a period of time to determine where data tends to originate and terminate and which users are involved; some also look at the data transfer method(s) (email, USB, CD/DVD and so on) and most detect the use of keywords during the attempted data transmission, picking up obvious candidate terms such as “confidential” and “executive.” Some solutions review data at the network packet level and will analyse a particular file or set of data to determine if its use is appropriate.

Data Encryption is the process of obscuring a piece of data (the plain text) so that unauthorised people cannot view the original information (and is called cipher text). Those people authorised to view the data can be issued with technology (normally a ‘key’) to electronically decrypt it and return it to its original form. Data leak (see above) and data loss prevention are usually synonymous but encryption is one example of data loss prevention but not leak prevention.

Historically, confidential data may only have been handled by a select few executive team members, but this has changed and access by all levels of staff is likely. So a secure, encrypted IT infrastructure is becoming a prerequisite for dealing electronically, especially with many financial and institutional data suppliers such as banks and brokers. Valuable data has frequently been lost or stolen from unprotected laptops, transferred to business partner servers or sent via email to recipients with uncertain security; legislation is now in place to force data owners to publicly disclose if confidential data is lost, but this need is obviated if the data is encrypted.

Nigel Stanley’s Bullseye Report on Enterprise Data Protection, and his two market updates Data Leak Protection and Data Encryption which provide an up-to-date snapshot of these niche markets, are all available for free download (subject to terms).