Story image

Data loss prevention

01 Aug 08

The reality is that too many organisations are leaving themselves open to data loss incidents in one form or another — whether it be a malicious attempt to leak confidential information or simple human error.

Alarmingly, research conducted in the US, UK and Australia has shown that between 15 and 20% of organisations have suffered data loss in the last 12 to 18 months, and around half of those have suffered more than one incident.

The global research also indicated that, on the whole, organisations are still not locking down the transfer of sensitive information appropriately. Email is the most popular method of transferring confidential data and yet businesses still admit to losing data via this medium. No doubt, these global trends are also evident in the New Zealand market.

Without current security breach legislation in place, it’s up to security vendors and their partners to educate the business community about responsible content security practices. For many organisations the concept of Data Loss Prevention (DLP) is a daunting one. It may be on their agenda, but perhaps they don’t know where to start in terms of assessing and addressing their specific requirements. Do they need to protect themselves at the endpoint or the gateway – or both? How do they go about it? How much of the IT budget will it eat up?

Worse still, some organisations make the assumption that DLP is simply about ensuring no one in the company looses a laptop. Just as common is the perception that content security is only about blocking out the bad — preventing spam, viruses and the like, from entering an organisation. But, what about protecting the good, and often confidential, content from leaving the organisation? What about guarding valuable IP?  If you think about it, restricted information falling into the wrong hands has the potential to cause far more damage than spam sitting in an inbox.

What’s the answer?

Best practice content security demands a two-pronged approach: comprehensive content security technology and a commitment to ongoing policy enforcement.

There’s no doubt that there are a lot of IT security solutions out there and, unfortunately, a limited understanding when it comes to just how they compare. As technology distributors and resellers, you’re probably well aware of this already. It becomes hard to differentiate between offerings — to establish which will address an organisation’s needs and represent the best value for money.

It’s really quite logical. The only way an organisation can achieve effective content security is to implement a solution that offers both inbound and outbound protection using deep content inspection. To protect just one of these means only half the job is being done.

For any content security solution to be effective, the related policies must be enforced across the organisation. This process begins with policy education at all layers of an organisation and continues with a dedication to governance and control.

With an increasing number of high profile security breaches being reported in the news, businesses must expect to be put under the spotlight. Legislation or no legislation, businesses are going to be put under increasing scrutiny by key stakeholders, including employees, partners, customers, shareholders, industry bodies and consumers, to ensure they are managing and protecting data responsibly. 

What does this all mean for you, the technology channel? The challenge is set to help educate businesses on how they can make their spam budgets work harder to deliver complete content security that blocks the bad, protects the good and prevents abuse.     

IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Kidd made Ingram Micro executive for cloud
Barbara Kidd has been promoted to cloud general manager as the company signs new vendors to its Cloud Marketplace.
Open source will be the next big thing for the channel
Channel firms should be on the lookout for opportunities across open source and more diverse software offerings like software-defined containers and storage.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.