Data loss prevention is something that all CEOs worry about and if they don’t, they should. Just ask AMD, which last week charged four former employees with taking trade secrets over to rival Nvidia.
What company that does not have sensitive information — source code, customer lists, blueprints, M&A plans — that it doesn’t want walking out the door on someone’s USB drive? Those fears are exacerbated by the bring-your-own-device (BYOD) tidal wave, in which employees use personal smartphones and consumer cloud services like Dropbox to store work documents — even when forbidden to do so.
In theory, DLP should keep bad guys from stealing stuff in the first place but is often more likely to help catch them faster, minimizing damage, and to provide a detailed audit trail of who took what and how. That is important. The problem is that most DLP solutions to date are on-premises solutions that are complicated, time consuming and expensive to deploy.
Now, Verdasys, a Waltham, Mass.-based company that helped pioneer a cloud deployment model for DLP is offering less expensive DLP managed services for smaller companies that can’t afford the traditional DLP. This week it’s opened up that service globally by bringing non U.S.-based cloud suppliers online. Competitors include BEW Global, a systems integrator that deploys and manages DLP clouds using Symantec McAfee, RSA or other technologies.
By making DLP technologies available as managed services or via a software-as-a-service model, vendors make sure customers are working with latest technologies to meet fast-changing threats, according to Edward Ferrara, principal research analyst for security and risk professionals for Forrester Research.
And, the availability of cloud-based DLP also makes it more affordable both to the huge enterprises — big aerospace companies and car makers — that are typical DLP customers, as well as to smaller organizations. Many smaller suppliers in the aerospace business, for example, cannot subcontract with the big vendors unless they deploy approved DLP. Last year, Gartner estimated that a typical DLP rollout costs $350,000 to $700,000 but can go much higher.
Getting DLP from an off-premises cloud (Verdasys uses private Rackspace clouds for most geographies) can cut time and cost of DLP deployment down to $100,000 per year and perhaps less, depending on company size compared to traditional on-premises DLP approaches, Verdasys said.
While trusting an outside cloud for internal security seems illogical, Bill Munroe, VP of marketing for Verdasys, says it makes sense. Verdasys does not collect the actual data itself. Rather, it aggregates the metadata about the files and documents and watches for patterns of activity. Sensors placed on every piece of the network watch the data move around, collects that metadata, encrypts it and sends it up to the cloud.
“It may see a Word document with credit card numbers on it or a CAD file — it looks at it but it doesn’t send the actual file up — just the data about the file,” Munroe said. The patterns collected are not just about the data but the user, the machine used, the file type and the application in use.
Verdasys customers include CDI Corp., a Tempe, Ariz. aerospace company that works with GE Aerospace.
DLP is just one of several new application areas starting to move to the cloud — via a managed service or SaaS model. And that means that many more businesses — with security concerns of their own — will be able to take advantage of the technology at an affordable price.