Hacking Book | Free Online Hacking Learning


market analysis of data leakage prevention (dlp) in china in 2018 - safety village

Posted by chiappelli at 2020-03-14

DLP, that is, data leakage prevention, originated in foreign countries, mainly based on content identification detection audit. Domestic DLP has experienced nearly 20 years of development so far. The driving force of its development mainly comes from the government military industry and manufacturing enterprises. It has strong protection and high security characteristics, and gradually formed a protection scheme with mandatory encryption as the leading factor in line with national characteristics. In recent years, in terms of policy, the state has given strong support to DLP. Meanwhile, the market presents strong demand for DLP. The field of DLP has been continuously concerned by Gartner and maintained strong growth forecast.

In terms of policies, in recent years, the state has continued to enhance its support for DLP in terms of policies, further stimulated the vitality of DLP market, formulated various standards and regulations, and clarified the protection of state secrets, business secrets and personal privacy. In the technical guidelines for the protection of business secrets of central enterprises, it is clearly proposed to take data security as the core, and in the new version, the requirements of "business secret security protection monitoring" are added to further optimize the comprehensive and systematic data security protection. The maturity model of big data security capability, developed by the National Information Security Standardization Technical Committee and other departments in collaboration with all parties, is used to evaluate the data security capability of the organization, find out the short board of data security capability, check the leakage and make up the deficiency, so as to improve the overall security management level and competitiveness of big data industry. "Promote classified and classified management of information assets and strengthen the protection of sensitive information" is proposed in the regulatory guidance for the 13th five year plan of China's banking information technology. The law of the people's Republic of China on network security, which came into force on June 1, 2017, requires relevant provisions in Articles 10, 18, 21 and 42 to prevent data leakage or theft, and to take measures such as data classification, important data backup and encryption; to ensure the safety of personal information collected by them and prevent information leakage and loss. Article 9 of the personal information protection law of the people's Republic of China (Draft) submitted by the two sessions in 2017 specifies that network operators should take technical measures and other necessary measures to ensure the safety of their collected personal information and prevent information leakage, damage and loss. In addition, a series of laws and regulations, such as the commercial bank law, the securities law and the insurance law, have made clear provisions on data leakage prevention.

In terms of market, at this stage, the State implements the strategy of building a strong manufacturing country and puts forward made in China 2025, which requires the Chinese manufacturing industry to closely focus on key links in key manufacturing fields, carry out integrated innovation and engineering application of the integration of new generation information technology and manufacturing equipment, establish intelligent manufacturing standard system and information security assurance system, and build intelligent manufacturing network system platform; requirements To improve the quality and efficiency of China's manufacturing, we need to shift from made in China to intelligent manufacturing and even to creation in China, and from a manufacturing power to a manufacturing power. At present, China's high-speed rail, nuclear power and other fields have occupied the commanding heights of international science and technology, and are moving from home to abroad. Central enterprises' investment in scientific research in these two fields is increasing year by year, and patents and achievements are constantly emerging, so it is particularly important to strengthen the protection of intellectual property rights. As a high-tech industry, the advanced technology is highly demanding. In the process of going out, the protection requirements for intellectual property rights are also very high. Under the background of implementing the national big data strategy, the development of big data is changing with each passing day. The state requires to ensure data security, build a digital China, strengthen the security protection of key information infrastructure, strengthen the protection ability of national key data resources, enhance the data security early warning and traceability ability, and increase the protection ability of technical patents, digital copyrights, digital content products and personal privacy Degree. In the report of the 19th National Congress of the CPC, it was proposed to deepen supply side structural reform and promote the deep integration of the Internet, big data, artificial intelligence and the real economy. To sum up, in a specific social and historical period, the DLP market puts forward higher requirements for data protection. Internet enterprises and communication enterprises have established internal DLP security system in terms of data security; the communication industry has also formulated industry data classification and classification standards to protect data. The use of data to promote the protection and improvement of people's livelihood, the use of data to enhance the comprehensive national strength of the country, and the high added value of data itself determine that the protection ability of key data resources must be enhanced, and the security of state secrets, trade secrets and personal information must be protected.

To protect data security, one is information level protection / level protection, the other is direct protection against data leakage through DLP, which is also an effective protection method widely used at present. DLP data leakage prevention, in the technical route, there are significant differences between domestic and foreign DLP. Foreign DLP focuses on detection and audit, while domestic DLP focuses on encryption and protection. In terms of connotation, foreign DLP is the abbreviation of data loss prevention, focusing on the unconscious data leakage behavior of internal personnel (in line with the loss of loss of loss); domestic DLP tries to move towards internationalization in name, but the more suitable translation is data leakage Prevention focuses on the forced protection of both internal personnel and external hackers, whether consciously or unconsciously. Obviously, leakage covers a wider range. Although there are significant differences in DLP at home and abroad, they do not negate each other. Foreign DLP has its own geographical characteristics and advantages, but also has inherent shortcomings and pain points. In terms of leakage prevention, compared with domestic DLP compulsory encryption protection, the strength is weak, and the demand for strong protection in the market is slightly rough. After several serious leaks, foreign DLP gradually sensed the necessity and urgency of strong protection. In terms of technical route, the trend of forced encryption to domestic DLP is more and more obvious.

Throughout the DLP market at home and abroad, Gartner has been optimistic about the development of DLP market since 2008. 1) In the Magic Quadrant report of 2008, Gartner pointed out that data governance, as a driving force of DLP market, has a very rapid growth. The total market value in 2006 was about 50 million US dollars, in 2007 it was 120 million US dollars, and in 2008 it will reach 200-250 million US dollars. 2) In 2010, Gartner predicts that most organizations will probably deploy good enough DLP, and the DLP market will reach US $400 million by 2011. 3) In the 2013 report, Gartner pointed out that in the past seven years, the enterprise content aware DLP market has experienced steady growth, from 2010 (US $300 million) to 2011 (US $425 million) to 2012 (US $535 million). Gartner estimates that the market will reach $670 million in 2013. 4) In 2016, Gartner expects organizations that implement at least one form of DLP to grow from 50% today to 90% by 2018. 5) In the 2017 report, Gartner pointed out that the total DLP market in 2016 was about $894 million, with a compound annual growth rate of 9.8%, and it will reach $1.3 billion by 2020. Similarly, IDC forecasts the incremental market for DLP. In the IDC report of 2010, it is pointed out that the demand for data leakage prevention (DLP) in the enterprise market will be greatly developed in the next two years; in the top 10 forecasts of China's IT security market in 2013, it is pointed out that DLP data leakage prevention will continue to be a hot spot. According to the research report, the global network security solution market will grow to 870 million US dollars in 2017.

Although authoritative forecasters are optimistic about the development of DLP market for a long time, in fact, from the perspective of the growth process of DLP, DLP market has not really achieved the expected development in scale and speed, which is the same both at home and abroad. The main reason for this phenomenon lies in the mismatch between demand and supply. To solve the contradiction between supply and demand, DLP at home and abroad need to learn from each other continuously. With the continuous improvement of national policies and regulations in the field of DLP, as well as the strength and clarity of market demand, domestic DLP has three characteristics at this stage: inheritance, integration and innovation.

Under the strong protection demand driven by manufacturing industry, domestic DLP has developed the endpoint control technology scheme dominated by mandatory encryption. This means of protection is safe and effective. In a long historical period, it effectively protects data security. In the process of enterprise development, especially in the critical growth period, it is the cornerstone of enterprise development to effectively protect the secrets of core technologies. Over the years, the domestic DLP market has continued to pay high attention to strong protection schemes. Similarly, taking the representative DLP digital guardian (DG) abroad as an example, DG enters the Gartner leader quadrant with its strong endpoint DLP protection capability. Endpoint strong encryption protection is the main protection means of DLP in China. In the history and even in the future, it will continue to play its significant advantages and continue to inherit in the field of DLP.

Under the strategy of digital economy in the new era, digitalization, networking and intelligence are developing rapidly. The idea of strong protection of DLP in China needs to keep pace with the times. On the basis of adhering to the strong protection of sensitive data, integrating the ability of content recognition, further enhancing the pertinence of data protection, practicing the improvement of quality and efficiency, and changing from extensive type to fine type. The integration of DLP is not only reflected in the integration of domestic DLP to foreign DLP, but also in the integration of foreign DLP to domestic DLP. Taking foreign representative DLP Symantec as an example, in the latest 15 versions, the significant features of the new version are to integrate ice strong encryption, ICT sensitive file marking, and strengthen endpoint monitoring and control. This is also the reflection of DLP from market demand to DLP products.

In the new era, on the basis of deep integration with foreign DLP, domestic DLP needs to continue to innovate in the following aspects: 1) content identification innovation, including artificial intelligence AI; 2) new technology innovation, including cloud access security CASBS (cloud access security) Brokers), ueba (user and entity behavior analysis); 3) management innovation, such as MSP (managed security program).

In the field of DLP, the outstanding advantage of AI at this stage is data classification based on AI to solve the contradiction of classification management under big data, and to prevent data leakage based on data classification, so as to reduce false alarm and false alarm of content recognition. At present, artificial intelligence technology is still in the stage of rapid development, and its gain to DLP field will also be improved with the breakthrough in technology.

CASBS for cloud security have mature SaaS applications in foreign countries, such as salesforce, square, etc. the development of CASBS in foreign countries is booming. The development path of SaaS in China is not smooth. From 2012 to 2013, it really began to enter the mainstream field of vision. By 2015, it won the favor of the capital market, but then it fell into a downward trend. At present, the volume of SaaS in China is still small, and the proportion of safety is relatively lower, so the development of SaaS is still very difficult. As a natural extension of the cloud, CASBS has limited development at present. The real rise of SaaS in the future may set off a new opportunity for the development of CASBS.

User entity behavior analysis ueba, with the application of big data, has a prominent advantage in the field of DLP. In 2017, ISC focused on the theme of "everything changes and people are the yardstick of security", emphasizing that people are the root of all security. Ueba is a new security system of human + system. Any practice can be divided into subject, object and behavior. In DLP practice, the corresponding elements are people, data and how to operate. Traditional ueba does not focus on the data itself, but only on the collection of a large number of logs. Traditional ueba's technical ideas make ueba have inherent shortcomings: 1) collecting massive logs, with daily logs more than 100 million, it is more difficult to mine effective data; 2) building models to analyze user behavior; each enterprise has different corporate culture, user behavior is very different, and enterprise management is obviously different. Traditional ueba needs to build models for each enterprise , the modeling time is long, and the model is not universal; 3) collecting information of wide significance, with low accuracy. To sum up, the construction cost of traditional ueba is high, and the cost of later analysis is large. Domestic enterprises using ueba need special operation and maintenance team to implement, which brings about the increase of operation cost. Most enterprises do not have corresponding guarantee conditions. The new generation of ueba, on the premise of considering the basic elements of traditional ueba, transfers the focus from extensive log collection to the log collection of sensitive data, and assists visualization and other analysis and mining methods to reduce operation costs and improve efficiency.

MSP is provided by experts, including policy making, data visualization and control. In order to meet the growing detailed and comprehensive market demand, DLP's own function refinement and division of labor have also entered a deepening stage. This puts forward higher requirements for DLP managers' security expertise. It is less feasible for enterprises to train DLP security experts. MSP provides a way of thinking: DLP suppliers provide security experts, formulate policies for enterprises, provide data visualization and control, so as to obtain the maximum benefits of DLP, reduce the cost of DLP managers, and let users only focus on key core businesses. Digital guardian in Gartner's leadership quadrant, with MSP, has attracted Gartner's continuous attention.

The three characteristics of domestic DLP inheritance, integration and innovation have created the market pattern and competition pattern in the new era of DLP. At present, according to the division of DLP suppliers, domestic DLP can be divided into the following four categories: 1) traditional security companies; the domestic security market has the characteristics of fragmentation, and there are no absolute rulers or 28 rules in each subdivision field. It is difficult to win the favor of users only with the protection of a certain subdivision field. In order to expand the market, some large security companies often establish large and comprehensive product lines through mergers and acquisitions, and declare that all kinds of protection are available. In fact, this kind of DLP has a low share in the DLP market, which is not the main force of the DLP market, and more focuses on network security. 2) Professional security company: there are two kinds of professional security companies, one is the domestic DLP security company, the other is the Chinese regional agent set up by foreign DLP in China. At one time, the latter has been widely used and steadily developed in large domestic enterprises, but in recent years, its market influence has been significantly weakened. The main reasons are as follows: first, with the national independent and controllable strategic promotion and the inclination of national policies, foreign brands have been blocked or marginalized, foreign DLP R & D centers in China have been gradually closed, and sales teams have been greatly reduced. Although such DLP is still active in some industries, it has been in a relatively weak position with the adjustment of national policies and changes of market strategies. Second, foreign DLP re audit and weak protection compared with domestic professional security companies, its technical route determines that such products are not enough to cope with the increasingly severe situation of data leakage. In recent years, foreign countries frequently broke out the famous leak events, which further exposed its weakness in the protection of data security. At present, professional security companies are mainly domestic and local professional DLP security companies. This kind of company starts from the traditional DLP of compulsory protection means, adheres to the core technology route of compulsory encryption, vigorously promotes the protection of data with high strength, and has experienced many years of development and reform. In the new era, it grasps the market dynamics and has significant influence in the market. 3) Innovative security company; innovative security company, with the goal of replacing foreign DLP, whose technical route and functional form are mainly imitated by foreign DLP. The historical background of its germination lies in the fact that foreign DLP is subject to the influence of policies and its domestic market is shrinking. Innovative security company is a small-scale company with characteristics. Its main goal is to fill the vacancy of foreign DLP. Its product line mainly focuses on the protection idea of foreign DLP, and it still has a gap with the strong protection route of domestic professional DLP; 4) integrated service company; integrated service company has accumulated a considerable number of industrial users in history, and its business is not involved in the field of DLP, but Due to the lack of traditional business and low profit margin, the original accumulated industry users show obvious interest in data leakage prevention. Driven directly by the user's demand, such companies have turned to the field of DLP, integrating multiple small products through specific channels. The integration scope covers not only the means of strong encryption of DLP in China, but also the protection ideas of DLP in foreign countries. These companies exist in the DLP market. The market advantage lies in the user group accumulated by nature. The technical advantage is obviously insufficient, and the risk is high to support the large-scale user group.

The market potential of DLP is huge, but there is still a contradiction between DLP supply and DLP market demand, some outstanding problems that are not easy to use and not in place have not been solved, and the quality and technological innovation ability of DLP need to continue to improve. No matter inheritance, integration or innovation, no matter how the technical route is changed, the purpose and landing point of DLP remain the same, that is to implement strong security protection for data, prevent internal personnel from intentionally or unintentionally divulging secrets, and prevent external personnel from illegally stealing. Compulsive and effective data protection is the clear demand of domestic DLP market, and also the strategic advantage of domestic DLP. In the new historical period, domestic DLP inherits the idea of high-intensity protection of compulsory encryption, develops strengths and avoids weaknesses, accelerates integration and innovation, and strives for the DLP market. With the rise of a new generation of DLP, a new round of industry reshuffle has begun quietly. DLP is the place where all the players are fighting for, and the DLP market is also facing a great change. In the future, who can stand out in the technological innovation, who can still stand after the industry reshuffle, and who can stand the actual practice of the market, all need the practice of DLP to prove.

Postscript: This is the nth time to write an article about DLP market analysis and forecast. However, unlike before, this article has been involved in trivial matters for a long time. This article originated from general B's invitation before the end of the year, and general B has plans to publish. Therefore, some analysis and comments of specific companies in the industry, including sensitive and unproven sales data, that are likely to cause controversy, have been deleted from this article And market situation, and focus on the development trend of technology and market demand. As a veteran of DLP industry for 15 years, I regret to insist on it, but as Zeng Guofan said, I have been defeated repeatedly, but I have been defeated repeatedly. Moreover, Gartner has also been super optimistic in many reports over the past 10 years to predict the DLP market. With the company of someone, the road will not be so dark. In the new era created by China, with the continuous promotion of personal information protection legislation and trade secret protection legislation, that ray of sunshine has broken through the sky and waved to us.