The debate over the right data loss prevention strategy

Perhaps the biggest opportunity that messaging gateway vendors have to sell the concept is the huge effort that traditional DLP tools require in creating policies around data usage, proponents maintain.

"People get scared of software that takes over a year to build policies," said Taher Elgamal, CTO at gateway vendor Tumbleweed and a security guru credited with driving the evolution of SSL technologies.

"The DLP vendors have great basic ideas, but the implementation as a separate infrastructure is incorrect," he said. "DLP needs to be embedded in the pipe, in the e-mail system — not [be done] as an afterthought."

The case for full DLP

"The messaging vendors have a point, but like everything else, you can't assume that it means they have the whole story," Yankee's Jaquith argued. "The truth of matter is that with DLP, if your goal is to stop any and all leaks outside of a company, e-mail filtering alone won't do it."

Rich Mogull, an analyst with Securosis, said that he strongly disagrees with the gateway vendors' claims that they can handle enough DLP capabilities to win over large customers with their products, and he contends that any business hoping to cover itself using those tools alone is likely "doomed to fail."

"You can get some of what you want through e-mail protection -- it's effective for addressing the true low-hanging fruit -- but if you really want to protect data, you need to cover the end point, the network, and discovery," Mogull said.

"One of biggest drivers of DLP is content discovery. You need that knowledge of your data in motion at rest and in use, and consistent policy enforcement across all of that," he added.

Predictably, marketers of full-scale DLP systems echoed those sentiments.

"Symantec believes that DLP is as much about understanding where data is stored, how people are using, and how to automate policies to prevent it from getting out," said Joseph Ansanelli, former CEO of DLP vendor Vontu and now head of Symantec's DLP business (Symantec acquired Vontu in 2007). "It's not just an e-mail problem, it's a data problem across IT infrastructure, including at the end point, and for data at rest in storage, and elsewhere."

Ansanelli said that Symantec of all companies should know the problem can't be handled just at the messaging gateway level, since the vendor's huge market share exposes it to all the data protection challenges that customers really face.

And Symantec saw it needed to add full DLP to its mix with Vontu, not just rely on the messaging gateway to prevent data loss. "Our messaging business at Symantec is bigger than all the competitors out there, and we don't believe that what these other vendors are talking about is what customers actually expect from DLP," Ansanelli said.