"The biggest problem that we hear people running into is the inability to enforce security policies consistently across the three different areas of DLP," Yair said.

"If you can't enforce the same policies across all of your systems, then it is almost impossible to make DLP work properly, which is why we're advocating the integrated approach today," Yair said. "If you don't allow credit card numbers to flow across the network, why would you let them be saved to a USB drive? But it does seem that some companies are having this issue."

Other industry watchers downplayed the problem and classified such device control applications as mere cousins of true DLP systems, but admitted that the problems may exist.

"People may have purchased these fail-safe tools at the end point, and they address an aspect of DLP that involves device control and setting encryption at the endpoint. But that's not really DLP, it's not data-aware, it's more about controlling the periphery of the end point," said Devin Redmond, senior director of product management for security products and strategy at vendor Websense.

Redmond said many DLP vendors, including Websense, have built APIs to mesh their products with those end-point tools, and he noted that some of the perceived problems with the device control applications is that they cover such a small piece of the overall data security issue.

"A lot of people who made the move on those fail-safes are finding that they won't address the bigger problem, that they don't get into the workflow of understanding the data on the device, which is what DLP is really all about," Redmond said. "Some may struggle to integrate those products with broader DLP technologies, but moving forward I think the trend will be more about understanding data and how it is used, versus simply the type of device that is being used."

A minority report
Even those DLP players who are considered leaders in the space admit the market for their technologies is just beginning to blossom.

Companies such as Websense and Vontu -- which was acquired by security market leader Symantec for $350 million in Nov. 2007 -- are considered to have the most users of DLP technology today, and they lay claim to only several hundred customers apiece.

Beyond mistaking simple end-point device control and encryption technologies as true DLP offerings, market watchers and customers who buy into the integration problem are overlooking the fact that most companies are only just beginning to work with DLP, and that those organizations will benefit from more mature, tightly integrated products, said Vontu founder Joseph Ansanelli, who now wears the title vice president of data loss prevention solutions at Symantec.

"We're still refining the integrated suite. We have to do more to deliver across infrastructure. There's still a lot to do there," Ansanelli said. "We know that we need to be integrated into the right technologies at certain points in the infrastructure and then overlay the context of how the content is used.

"A lot of people tried to do the context thing first. But when people try to lock down the data in only one way, they still have huge holes around what is allowed, whether at the end point or the gateway," Ansanelli said. "The issue is that DLP is a data problem, not an end-point-only problem. If you only have one product like that in place, you just can't get that integrated view."