Protecting Info One File At A TimeProtecting Info One File At A Time

Enterprise security problems and regulatory requirements give rise to startups the way cow pies give rise to mushrooms. That's certainly the case in the nascent information leak prevention (ILP) market, where a handful of startups aim to help enterprises stop sensitive data from leaving the enterprise.One such company is Code Green Networks. Launched in October 2004, the company has received $32 million in VC funding over three rounds, with investments from Sierra Ventures and Bay Partners.

Code Green Networks has a good pedigree. The company was founded by Sreekanth Ravi and Sudhakar Ravi, co-founders of SonicWall, a successful firewall and VPN appliance vendor. As with SonicWall, Code Green Networks targets small and medium-size enterprises with easy-to-deploy appliances.

Its first product, the Content Inspection (CI) appliance, was released in April 2006. It sits at the boundary of the internal network and monitors e-mail, Web mail, IM, HTTP, and FTP traffic for sensitive corporate information.

The company has also released agent software that resides on corporate PCs and laptops. The agent enforces policies on the use of removable media such as USB drives and provides a variety of options, such as preventing the transfer of sensitive data to removable media, encrypting the data, or limiting access to read-only.

However, Code Green still has a ways to go. At present the network appliance can only block SMTP e-mails (requiring the use of the appliance's built-in MTA). That leaves a variety of channels wide open. For instance, if someone attaches a sensitive file to IM, the product can alert on it but not stop the transfer.

And the ILP market itself is a gamble. Unlike firewalls or spam filters, ILP has yet to prove itself to be a must-have component of an IT infrastructure. This limits the initial market size to companies with pressing regulatory requirements to identify and stop data leaks.

Also, the company's focus on small and medium enterprises (SMEs) may hinder it in the short term. Why? A successful ILP rollout requires a significant commitment of IT administrators. Like intrusion detection systems, ILP products need a lot of hand-holding from administrators as they create policies, respond to alarms, verify the accuracy of those alarms, track data movements and continually train the system to identify new data to protect. Large staffs aren't common to your average SME, further limiting Code Green's market.

Last but not least, the market is getting crowded. Companies such as Vontu and Reconnex offer similar capabilities, and Websense has entered the market by acquisition. McAfee also recently launched a host-based solution, and a network appliance is sure to follow.

The upshot? Code Green has its work cut out for it. Luckily, the market is still young enough that a startup can carve out a sustainable niche or position itself as an attractive acquisition candidate. The founders' experience and partnership with seasoned tech VCs give Code Green a fighting chance for a happy ending.