Critical data loss from within spawns new market

Outbound content compliance segment expected to hit $2 billion by 2009

A shift in information security practices — companies are moving from firewalls that keep external intruders out to systems that keep proprietary data in — has created a small but growing market for federal agencies and information technology providers.

IDC, a market research firm, calls this market segment “outbound content compliance” and predicts sales will grow from $50 million this year to almost $2 billion by 2009.

Doug Jacobson, associate professor of electrical and computer engineering at Iowa State University and director of the school’s Information Assurance Center in Ames, said thieves can profit from attempts to illegally collect proprietary and personal data.

“What we’re seeing now that we didn’t see five years ago is that information like that can be turned into money,” Jacobson said.

Companies used to think that if they bought better firewalls, their data would be more secure, he said. “That is what we’ve been doing for the last several thousand years as a society,” he said. “We build walls and we hide inside and we keep other people out.”

But technology now facilitates an easy flow of information, especially outward. In addition to keeping hackers out, security technology needs to prevent insiders from exporting inappropriate data.

Nevertheless, he said, the outbound content compliance market contains fewer than 10 vendors. Jacobson said that from February 2005 to November 2005, organizations reported more than 51 million cases of lost personal information via stolen laptop PCs and other hardware, network breaches, or accidental disclosure.

“The whole public awareness of this data leakage problem has resurfaced,” he said, and not only because of the recent theft of a Department of Veterans Affairs laptop that contained personal data on more than 26 million veterans and their families.

In less well-known incidents, he said, sometimes 10,000 files are lost or stolen. “That’s not 26 million, but if you’re one of the 10,000, it’s a big problem.”

In a recent study by Deloitte Touche Tohmatsu, more than half the technology companies surveyed said they had had security breaches in the past 12 months, and most of them admitted they had not taken aggressive action to prevent future incidents.

“Addressing the insider threat is becoming more complex,” said Brian Burke, manager of IDC’s security products and services research. In the past, outbound content was mostly in the form of e-mail messages. Now many employees to carry sensitive information on mobile devices.

Proofpoint, a three-year-old messaging security company in Cupertino, Calif., found that almost 35 percent of the companies it queried said their business had been adversely affected by the exposure of sensitive or embarrassing information in the past year.

Keith Crosley, director of market development at Proofpoint, estimated that about one-third of the company’s business now involves internal content security. In its own survey, Proofpoint found concern for protecting identity and financial privacy rose from 64.3 percent in 2004 to 71.1 percent in 2006.

“Leak prevention isn’t just about e-mail,” he said. Companies and government agencies are interested in preventing data losses via FTP, instant messaging, and blog and message board posts, he added.

Until recently, health care and financial services were most active in the market. But in the past year, Crosley said, companies are looking to protect customer and client information from a best practices perspective. “The regulatory issues are secondary,” he said.

Proofpoint’s clients include defense contractors and government agencies such as the U.S. Agency for International Development. He said new business is coming from state and local governments as chief information officers start to focus on ways to standardize outbound content compliance solutions.


About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group