FCW.com, VA
07-17-06
Critical data loss from within spawns new market
Outbound content compliance segment expected to hit $2 billion by 2009
BY David Hubler
A shift in information security practices — companies are moving from firewalls
that keep external intruders out to systems that keep proprietary data in — has
created a small but growing market for federal agencies and information
technology providers.
IDC, a market research firm, calls this market segment “outbound content
compliance” and predicts sales will grow from $50 million this year to almost $2
billion by 2009.
Doug Jacobson, associate professor of electrical and computer
engineering at Iowa State University and director of the school’s Information
Assurance Center in Ames, said thieves can profit from attempts to illegally
collect proprietary and personal data.
“What we’re seeing now that we didn’t see five years ago is that information like
that can be turned into money,” Jacobson said.
Companies used to think that if they bought better firewalls, their data would be
more secure, he said. “That is what we’ve been doing for the last several
thousand years as a society,” he said. “We build walls and we hide inside and we
keep other people out.”
But technology now facilitates an easy flow of information, especially outward. In
addition to keeping hackers out, security technology needs to prevent insiders
from exporting inappropriate data.
Nevertheless, he said, the outbound content compliance market contains fewer
than 10 vendors. Jacobson said that from February 2005 to November 2005,
organizations reported more than 51 million cases of lost personal information via
stolen laptop PCs and other hardware, network breaches, or accidental
disclosure.
“The whole public awareness of this data leakage problem has resurfaced,” he
said, and not only because of the recent theft of a Department of Veterans Affairs
laptop that contained personal data on more than 26 million veterans and their
families.
In less well-known incidents, he said, sometimes 10,000 files are lost or stolen.
“That’s not 26 million, but if you’re one of the 10,000, it’s a big problem.”
In a recent study by Deloitte Touche Tohmatsu, more than half the technology
companies surveyed said they had had security breaches in the past 12 months,
and most of them admitted they had not taken aggressive action to prevent future
incidents.
“Addressing the insider threat is becoming more complex,” said Brian Burke,
manager of IDC’s security products and services research. In the past, outbound
content was mostly in the form of e-mail messages. Now many employees to
carry sensitive information on mobile devices.
Proofpoint, a three-year-old messaging security company in Cupertino, Calif.,
found that almost 35 percent of the companies it queried said their business had
been adversely affected by the exposure of sensitive or embarrassing
information in the past year.
Keith Crosley, director of market development at Proofpoint, estimated that about
one-third of the company’s business now involves internal content security. In its
own survey, Proofpoint found concern for protecting identity and financial privacy
rose from 64.3 percent in 2004 to 71.1 percent in 2006.
“Leak prevention isn’t just about e-mail,” he said. Companies and government
agencies are interested in preventing data losses via FTP, instant messaging,
and blog and message board posts, he added.
Until recently, health care and financial services were most active in the market.
But in the past year, Crosley said, companies are looking to protect customer
and client information from a best practices perspective. “The regulatory issues
are secondary,” he said.
Proofpoint’s clients include defense contractors and government agencies such
as the U.S. Agency for International Development. He said new business is
coming from state and local governments as chief information officers start to
focus on ways to standardize outbound content compliance solutions.