The survey that was conducted by Dimension Data & IDC during 2009 focused on IT security, IT security decision makers & influencer in 18 countries from many sectors from the world including Western Europe, the Americas, the Middle East and Africa, and Asia and Pacific.
The study showed the following results:
- 57% of companies are planning to invest in DLP Measures (Data Leakage Prevention)
- 45% of companies believe that Data Leakage is more likely to occur through human errors which is their employees & staff rather than through outside risks as intentional thefts which is measured to be 15% of the total risk
- The probability of a vengeful employee aiming to destroying or stealing important & sensitive data from the company has increased. The increase of the risk is related to the increase in layoffs that is taking place in the current economic climate.
- The companies believe that the most significant impact of a security breach would come from the lack of control of its intellectual property (IP). In addition to that, the customer sensitivity to security & privacy may be another severe impact followed by the IT systems availability which is offering products & services at 24/7
- Most of the risk is coming from inside & not outside as the companies’ protection systems is designed to protect outward at the network perimeter & not inward whereas the inside of the network remains relatively free of security controls & unprotected
- The security awareness training initiatives for employees often go unfunded as companies consider that it is difficult to demonstrate a return on investment for such trainings.
To tackle all of these challenges, companies are moving towards Data Leakage Procedures (DLP) as it is an important approach to the protection of information, rather than the protection of networks & systems. By using this approach, the company creates automated, technical barriers to both human errors & malicious intents. Moreover, companies are losing critical data due to errors done by employees where they started working to tighten security controls internally and heading towards adopting the DLP & investing in it which allows them to define and enforce an effective security policy for information flow in order to keep control of critical information such as blue prints, financials metrics, and source code, prevent accidental breaches of compliance regimes and confidentiality policies, and support the user's ubiquity while using laptops or smaller devices in the work.
DLP can be implemented in many places & position. It is applied to data in motion (in between networks, users, and machines), data in use (when being accessed), and data at rest (when stored, archived), regardless of whether the data is inside an organization’s network or not. However, DLP is not an off-the-shelf product, silver bullet, or a quick fix. It is a mix of data-centric solutions which focuses on data rather than network or systems where it is considered to be a business issue & not technical one where it concentrates on managing the issue of protecting sensitive data (an important strategic step forward)
“After its people, data is an organization’s most crucial asset, and those active in security realize that if they protect data, they automatically protect their organization”
http://find.galegroup.com.ezproxy.uow.edu.au/gtx/infomark.do?&contentSet=IAC-Documents&type=retrieve&tabID=T001&prodId=AONE&docId=A210193661&source=gale&srcprod=AONE&userGroupName=uow&version=1.0
No comments:
Post a Comment