In January, CA acquired start-up Orchestria and has renamed the gateway and desktop monitoring product CA DLP. CA DLP is integrated with encryption products from Voltage, PGP and BitArmor so data tagged as sensitive can be automatically handed off to be scrambled before transmission, if it’s not blocked.

“CA is very big in identity and access management,” says Mathew, noting DLP can be tied to CA's identity management product or anything LDAP enable such as Microsoft Active Directory to set DLP policy. If there's a weak point in DLP today, says Mathew, it's that DLP can’t read encrypted documents. “If it can’t read it, it can’t analyze it to block it.”

Hundreds of customers use CA DLP, including Bloomberg, which includes it with their terminals, says Matthew, and even competitor Symantec in the past OEMed Orchestria for content-filtering in Symantec Enterprise Vault.

Symantec acknowledges that's the case but prefers not to discuss that, and instead points toward the security firm's own future plans for Symantec DLP, based on its Vontu acquisition.

What was once Vontu is now called Symantec DLP Discover, Monitor, Prevent and Management with about 300 corporate and government customers using it, says Rob Greer, Symantec’s senior director product management for data-loss prevention products.