"The biggest problem that we hear people running into is the inability to enforce security policies consistently across the three different areas of DLP," Yair said.

"If you can't enforce the same policies across all of your systems, then it is almost impossible to make DLP work properly, which is why we're advocating the integrated approach today," Yair said. "If you don't allow credit card numbers to flow across the network, why would you let them be saved to a USB drive? But it does seem that some companies are having this issue."

Other industry watchers downplayed the problem and classified such device control applications as mere cousins of true DLP systems, but admitted that the problems may exist.

"People may have purchased these failsafe tools at the endpoint, and they address an aspect of DLP that involves device control and setting encryption at the endpoint. But that's not really DLP, it's not data-aware, it's more about controlling the periphery of the endpoint," said Devin Redmond, senior product manager of security products and strategy at vendor Websense.

Redmond said many DLP vendors, including Websense, have built APIs to mesh their products with those endpoint tools, and he noted that some of the perceived problems with the device control applications is that they cover such a small piece of the overall data security issue.

"A lot of people who made the move on those failsafes are finding that they won't address the bigger problem, that they don't get into the workflow of understanding the data on the device, which is what DLP is really all about," Redmond said. "Some may struggle to integrate those products with broader DLP technologies, but moving forward I think the trend will be more about understanding data and how it is used, versus simply the type of device that is being used."

A minority report

Even those DLP players who are considered leaders in the space admit the market for their technologies is only just beginning to blossom.

Companies like Websense, and Vontu -- which was acquired by security market leader Symantec for US$350 million in November 2007 -- are considered to have the most users of DLP technology today, and they only lay claim to several hundred customers apiece.

Beyond mistaking simple endpoint device control and encryption technologies as true DLP offerings, market watchers and customers who buy into the integration problem are overlooking the fact that most companies are only just beginning to work with DLP, and that those organizations will benefit from more mature, tightly integrated products, said Vontu Chief Executive Joseph Ansanelli.

"We're still refining the integrated suite. We have to do more to deliver across infrastructure. There's still a lot to do there," Ansanelli said. "We know that we need to be integrated into the right technologies at certain points in the infrastructure and then overlay the context of how the content is used.

"A lot of people tried to do the context thing first. But when people try to lock down the data in only one way, they still have huge holes around what is allowed, whether at the endpoint or the gateway," Ansanelli said. "The issue is that DLP is a data problem, not an endpoint-only problem. If you only have one product like that in place, you just can't get that integrated view."