Content-aware technologies.
Brian Prince of eWeek published an article on the similarities of Database Activity Monitoring and Data Loss Prevention that shook me from my morning calm. Brian is on target with his opening statement, that DAM & DLP are both trying to protect data and they work in/on a separate area of the IT infrastructure. And I could not agree more with the ending quote by Mark Nicolette of Gartner that "We expect a few acquisitions of DAM vendors by large vendors that have DLP technology …" I agree because Data Security, from the customer perspective, is viewed as a single problem. They do not differentiate between data theft at the database, file server, network or application level. They want a unified solution to deal with insider and external threats and not worry about the vagaries of packet inspection on the network or agent-based issues. What is more, it is far more appropriate to develop a single data security policy and deploy it to the software/appliances that actually perform the inspection. The industry needs to consolidate to provide a unified security strategy for customers who really don’t care about the widget that gets the work done, just that it gets done.
So my quibble with this article … and you probably could guess this was coming … is that the quotes are disjointed, somewhat contradictory and (from my perspective) miss the state of the industry. Here is what I mean, and while I have a lot of respect for Paul Proctor, I find this befuddling: "DAM [Database Activity Monitoring] and DLP tools will not likely become one product because they have different buying centers and purpose, but DAM tools will likely become content-aware."
I think DAM and DLP as tools will in fact coalesce for the reasons stated above. Business rules and policies, coupled with whatever dashboard is used to review reports and status, are the likely customer interface, and the data collection & analysis tools that sit below should be and will be invisible to the user. Think about who the audience for these tools is, and I think you will agree that these products (or tools) do in fact coalesce.
But the issue that really gets to me … the one that actually annoyed me enough to write this blog post … is as follows: IPLocks released a Content Monitor product in 2002 to … now watch for it … Monitor Content! And, before you ask, it really is content aware. We were so happy with the concept we patented it (reference). So I can say with a high degree of certainty it is more than ‘likely’ to happen; it happened a long time ago. And I believe there might be another vendor out there today who offers it as well. We thought that a Meta Data monitor, to watch some of the quasi-data and structural changes, was a nice complement as well. No disagreement that there is value in content monitoring; it just seems appropriate to be talking about the vendors who offer it today as opposed to speculating as to its value in DAM solutions.
And I want to offer what I consider to be a slight clarification on a comment from Ted Julian: "We think it's critical customers can discover sensitive data automatically, even on databases they don't know they have," Julian continued. "Network appliance-based solutions just aren't practical in this regard, simply way too cumbersome and expensive."
Data discovery is different than content-sensitive DAM. More to the point, there are several forms of data discovery, but typically it is either an active interrogation of the database to discover sensitive content or a passive monitoring of the network for content. A network-based appliance can work well in this latter regard; in fact, I think most of the DAM vendors say they provide this, but I have no argument that it is a little more unwieldy for the former methodology.