According to IDC Financial Insights, Top 10 Predictions for EMEA in 2013, security and data loss prevention rose in the CIO heat map to rank in the top 3 priorities in 2013. At the same time 33% of EMEA manufacturers are not confident about their data security, according to IDC’s EMEA Manufacturing Security Survey in 2011. These concerns are caused by a number of large leaks experienced by the region in recent years. Also, InfoWatch Research Centre registered several of the most high-profile data leak incidents in the Gulf region. InfoWatch’s knowledge and work with customers in ME shows the rising interest of companies’ owners and CIOs in DLP solutions as data leakage situation is getting more critical.
2. How have DLP solutions evolved to tackle these impacts?
For over 8 years of DLP market existence (in 2005, IDC first introduced the term and named it a separate segment of information security market) DLP solutions came a long way from being a technology for content filtration to become a complex solution including broad set of data analysis technologies, data categorisation and consulting. DLP is not only a technology solution but it is a process. The first essential stage is understanding what information is confidential in the company and thus must be controlled and protected. If we don’t know what we are looking for we simply can’t find it. That is why InfoWatch does not offer DLP software as is, but also provide information analysis and categorisation, which we call Pre-DLP.
3. How willing are businesses to invest in DLP solutions now, compared to, say, a year ago?
As mentioned, DLP software as it is doesn’t deliver the full spectrum of solutions, and thus companies who already bought and installed such software were disappointed. Because of low DLP software efficiency, until now the market grew quite slowly. But since InfoWatch introduced the Pre-DLP approach, the market started to grow in the last few years by around 40% annually. We are expecting further stable growth.
4. What sort of information should be the best protected?
That varies depending on the company. Of course the type of confidential information depends on the industry where a particular company operates. For oil and gas segment, for example, confidential data are about oil field locations. For manufacturers, technologies and know-how are the most sensitive data. But in any case each company has its unique set of confidential information. That is why generic DLP solutions are often useless.
Another challenge is that 80% of data in modern companies is unstructured and spread over different documents, files and storages. Thus companies do not know which of their data are confidential and therefore can’t protect them efficiently. DLP solutions can only then solve the problem when the Pre-DLP stage (data analysis and categorisation) is in place and the client is involved in the integration process.
5. What steps can companies take to protect themselves against data leaks?
We are certain that only a multi-layered concept for data protection can work. This includes organisational measures, access rights management and data classification. Only then can the technical solution for data leakage prevention work. This approach requires significant joint work with the customer, high qualification of partner professionals, and a long-term integration process. That’s the only way DLP can achieve high results and record about 90 percent of efficiency.
6. Do DLP solutions have to go hand-in-hand with other security solutions such as anti-malware and firewalls?
DLP solutions are for internal security protection while antiviruses, firewalls and anti-malware are oriented more towards external threats. There can be some overlapping but quite rare because the implementation process of internal protection totally differs from external. Today there are no really integrated solutions, they might appear in the future but it’s a challenging task.
7. Which companies are most at risk from data leaks?
Of course, the companies with the most valuable information are most at risk. First, there are companies which have big volumes of personal data (mobile operators, big online retailers, authorities working with citizens, etc.). Second, there are companies which possess different trade secrets (manufacturing, oil and gas, etc.). Banks, big insurance companies, governmental structures also operate with highly sensitive data. We can add to the list any other company that considers its information valuable.