Can you survive exposure of your family jewels to the world? Someone once described losing data from an organisation as being caught with your pants down.
Data breaches are one of the fastest-growing fears for organisations today, and 2011 has been the year of monumental breaches: RSA, Sony, Citigroup, Google and the list goes on.
Enter data loss protection (DLP) – one of the fastest growing segments of the security market. Just as everyone adopted firewall technology in the past and we saw an explosion in that market, so too will we in the DLP arena.
From a reseller perspective you need to understand what this technology does and how to message it as a solution to your clients. Gartner concluded that every company that had a breach and lost data lost 30% of their customers after it became public.
Can you or your customers afford to lose 30% of your client base? Loss of intellectual property equates to loss of credibility and customers which can send a business to the wall.
So what is DLP?
With DLP you are controlling the content within the network: you are stopping data at rest (on desktop) and data in motion (email) from leaving the organisation in an uncontrolled manner. The key to this is classification of content: is it financial, is it credit card or sales information or possibly the company strategy for 2012?
Good DLP solutions come with the most common classifications pre-loaded, so from day one when you activate the solution you will pick up the loss of sensitive information.
To successfully sell DLP your customer needs to see this solution in action in-house. The most productive way is to access a trial like Check Point's 30 day trial. This can be set up in an hour and, as with all the proofs of concept we have seen, you may see leakage within minutes! This may be medium or low risk such as bad language, or as extreme as the company's financials going to senior execs but being blind copied to an external Gmail account. Within a day the company will see what data is leaving the company. It can be incredibly informative for the CIO and CEO.
These evaluations are non-intrusive, and the user does not know the logging is going on. But the moment the DLP is turned on it becomes the best tool to educate and engage users on why it is being used. By educating users they buy into the technology because they now understand the risks to the company and, of course, to themselves.
An example of how this can work would be a user who has a target list for their product when it launches. They email this list to their sales team. Once they hit send, the DLP checks the email addresses and the data. In this case they accidentally included an external email address, and a pop-up window asks them if they intended to send this to that address. If they say yes it asks them to write a reason. Then if policy allows it will go out; if policy says no it will be blocked.
This example shows that the content was checked and potentially blocked if a policy was set and also, importantly, the user was educated on the risk and a potentially embarrassing situation averted.
Take another example – between departments. Some organisations have natural Chinese walls; they are relying on written policy only to ensure data is not shared. But say a user has everyone's remuneration details and sends this internally to the wrong person. In the past, organisations relied on human nature to respond to the email recall message if the error was picked up. Now with DLP, a policy can be set to say that department cannot send that type of content, so it is stopped before it reaches the other employees.
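The two scenarios above (an external address on a sales email, and remuneration data crossing an internal wall) can be expressed as a small policy check. This is an added sketch, not code from this article or from any vendor's product; the domain, the directory, the label names and the keyword and card-number classifiers are all assumptions made for illustration.

```python
import re

# Constructed policy data: the domain, directory and label names are assumptions.
INTERNAL_DOMAIN = "example.com"
DIRECTORY = {"pay@example.com": "hr", "hr2@example.com": "hr", "rep@example.com": "sales"}
BLOCK_EXTERNAL = {"credit_card"}      # never leaves, even with a reason
DEPT_ONLY = {"remuneration": "hr"}    # label -> only department allowed to receive it
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13 to 19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitivity labels found in the message body."""
    labels = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            labels.add("credit_card")
    if re.search(r"\b(remuneration|salary)\b", text, re.I):
        labels.add("remuneration")
    if re.search(r"\btarget list\b", text, re.I):
        labels.add("sales")
    return labels

def evaluate(recipients, body, justification=None):
    """Return (action, detail); action is 'allow', 'ask_user' or 'block'."""
    labels = classify(body)
    external = [r for r in recipients if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    # Internal wall: a label restricted to one department must not reach another.
    for label in sorted(labels & DEPT_ONLY.keys()):
        wrong = [r for r in recipients if DIRECTORY.get(r.lower()) != DEPT_ONLY[label]]
        if wrong:
            return "block", f"{label} restricted to {DEPT_ONLY[label]}: {wrong}"
    if external and labels:
        if labels & BLOCK_EXTERNAL:
            return "block", f"{sorted(labels & BLOCK_EXTERNAL)} to external {external}"
        if not justification or not justification.strip():
            return "ask_user", f"confirm external recipients {external} and give a reason"
        return "allow", f"justified: {justification.strip()}"  # would be logged for audit
    return "allow", "no policy matched"
```

The Luhn check is what keeps an order number or phone list from being flagged as card data, which matters in a trial where false positives quickly erode user trust in the pop-ups.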
There are countless examples of why companies should look at protecting their sensitive data. There is a very low cost of entry, and it's not the complex beast it was first thought to be. This market is maturing with an expected 25% growth in 2011-12 to reach $2 billion in revenue.
So next time you talk to your clients about security, ask them how many emails go out that may be blind copied to a Gmail account, how many emails are sent to the wrong person containing sensitive company data and how would the company go if they lost 30% or more of their customers overnight?
If they can’t answer one or any of those questions then it is time to have a conversation on what DLP is and how it can protect their family jewels before they are exposed to the world!