We are an industry of Three Letter Acronyms (TLAs). Everyone tries to categorize what they do with them.
Some like ERP stick around for years, while others like Enterprise Optical Networking (EON) come and go without much fanfare. On occasion, however, the industry creates a TLA to define an industry trend, but as the market and technology develop the TLA no longer fits.
This explanation aptly describes the situation with Data Loss Prevention (DLP). A few years ago, DLP vendors like Vericept and Vontu made hay by providing a network-based gateway appliance that would scan IP packets looking for confidential data "leakage." When evil Joe in accounting tried to send a spreadsheet of customer credit card numbers to his Hotmail account, DLP boxes could detect and prevent this type of malicious behavior.
Given this heritage, the DLP acronym was appropriate circa 2005, but not in 2008. Why? Gateway DLP packet filtering devices are only part of the story; today's DLP vendors do a heck of a lot more. Tablus is an expert at data discovery. Vericept excels in data classification. Orchestria is really good at policy management and enforcement. As part of Symantec, Vontu is focusing on integrating DLP functionality with other IT operations tasks. Finally, some vendors like Trend Micro and McAfee eschew the network altogether and focus on endpoints.
So if DLP doesn't fit anymore, what does? My colleague Charlotte Dunlap and I suggest we borrow another acronym and re-name this category Data Governance, Risk, and Compliance (DGRC). To us, this covers everything that's needed in the data lifecycle data including creation, classification, and policy management/enforcement. Typically, only Gartner acronyms stick, but Charlotte and I have our fingers crossed.
In all seriousness, many large organizations have no idea how much confidential and private data they have or where it is stored--a pretty scary thought. Given this problem, gateway filtering devices aren't enough. We need DGRC policies, processes, and technologies across all data around the enterprise. We need a new acronym that aptly describes this situation, even if it's actually four letters.
Just last week I wrote a blog that described the ongoing market consolidation around data loss prevention (DLP) and its effect on market leader Vontu.
The blog titled, "High noon for Vontu?", was generally accurate but I got the details wrong. Rather than high noon, it turned out to be midnight on New Year's Eve for the Vontu team: investors got to party like it was 1999 this week when Symantec acquired Vontu for $350 million.
It was a pretty sure bet that Symantec would buy a DLP company, but why Vontu? After all, other security leaders--for example, EMC/RSA, McAfee, Trend Micro, and Websense--went "bottom fishing" and grabbed DLP technologies instead of well-established sales, marketing, and customers.
Symantec decided to swim against the tide because it valued the Vontu enterprise installed base. Like Veritas, Vontu opens enterprise doors for Symantec. The difference is that Vontu opens a door on the security side of the house, making it easier for Symantec to pitch its other IT risk-management and governance products and services.
Aside from DLP, Symantec gains a whole bunch of other complementary product and business opportunities. So all in all, it looks like a good deal. The biggest challenge for Symantec will be reining in Vontu's cowboy culture without squashing its aggressiveness and sales execution. If Symantec can do this, it should get the ROI and synergy it is looking for.
Finally, from a philosophically perspective, this deal is a microcosm of the state of the technology industry today. Last Friday, industry pundits were still criticizing Symantec for missing the DLP market. On Monday, Symantec bought Vontu and became the DLP market leader.
- prev
- 1
- next
