Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Author:
Howard Smith
Managing Director
Howard Smith is a managing director (office of the president) specializing in research and investment in software-as-a-service (SaaS) businesses and other business models based on information technology, particularly Internet of Things, cybersecurity, and internet infrastructure. He also built the firm’s historical research franchises in call centers and computer telephony. He is a thought leader in his sectors, having authored numerous widely read white papers. He uses his industry knowledge and expansive network to uncover promising investment opportunities and help companies navigate their strategic paths and accelerate growth. His work has been cited for excellence by the Wall Street Journal and other publications. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA from the University of Chicago and a bachelor’s degree in accounting from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
First Analysis Quarterly Insights
Data loss prevention market heating up
September 11, 2020
  • A confluence of factors has contributed to an increase in activity in the data loss prevention (DLP) market, which consists of a variety of solutions aimed at keeping organizations’ sensitive information from being accessed or used by unauthorized parties. Key among these factors are the migration of data and computing to distributed cloud platforms that span diverse physical networks, the advent of regulations that demand better data protection, and the explosion of remote computing that occurred as a large percentage of the workforce began working from home due to COVID-19.
  • While a handful of relatively mature cybersecurity players have dominated the DLP market, a number of these companies may see their positions erode or shift in the current environment, and several relative newcomers appear well positioned to disrupt the market with new technologies and novel approaches.
  • We provide a high-level overview of DLP technology and the DLP market and highlight a few of the new solutions that aim to make DLP more effective, easier to manage and less costly.


Includes discussion of AVGO, MSFT, PFPT, PANW and 4 private companies

DLP market background

Major players dominate

Changing IT environments complicate DLP programs

DLP sometimes integrated with other security solutions

Recent sector transactions, COVID-19, and regulation drive increased interest in DLP

Seeing new DLP entrants and approaches

Incumbents still a force; Microsoft another to watch

Cybersecurity index continues post COVID-19 rally, in line with Nasdaq

Cybersecurity M&A continues its post-COVID-19 pause

Cybersecurity private placement activity retreats in Q3

DLP market background

DLP is somewhat of a catch-all term for a variety of solutions focused on keeping an enterprise’s sensitive information from being accessed or used by unauthorized parties. Sensitive data includes a wide variety of information such as personally identifiable information (names and associated personal data), corporate records such as financial statements and board packages, and intellectual property. While an important goal of DLP is to keep such data out of the hands of malicious actors, it also aims to prevent well-intentioned employees from inadvertently violating regulations or otherwise putting their organizations at risk by sharing data with certain people or in specified geographies.

Solutions vary widely. Simpler solutions identify sensitive information, make sure it is encrypted when stored (at rest), and typically use some type of identity- or role-based authorization to control access. Comprehensive approaches go beyond those basics with measures such as ensuring data is encrypted when being moved (in motion), controlling under what circumstances access will be granted (often in conjunction with machine learning algorithms that detect anomalous behavior), and monitoring and reporting on when and how data is accessed, copied, moved or used. Because comprehensive approaches require identifying and classifying all types of sensitive data, understanding the role of every user of the data, and contemplating every type of network, device and application that might transfer, show or use the data, they are exceptionally complex solutions. Done correctly, a comprehensive approach goes beyond controlling original sensitive data to ensuring unauthorized copies cannot be made or transferred.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2024 by First Analysis Corporation.
One South Wacker Drive
Suite 3900
Chicago, IL 60606