More than two thirds of over 2,000 SMBs surveyed in the Europe, Middle East and Africa ranked data loss to be their top business risk, according to a latest SMB Information Protection Survey conducted by Symantec. Data leaks cost small and medium-sized businesses (SMBs) an average of US$ 316,000 each during the past year, the research shows.
At present, data loss to an organisation in the UAE can vary from 5 to 30 per cent of overall revenue. This covers largely the private sector – mainly financial, media, oil and gas, real estate and construction, among others. It is difficult to quantify data loss occurring in the public sector at present.
Legislation in the Middle East with regards to data protection is still lagging behind the US and Europe. This region needs to develop a holistic approach to security and the reporting of data breaches. This will provide more focus on the serious issue and give direction to companies lagging behind in the security battle.
Data loss prevention (DLP) technology can play a significant role in minimising security threats. Organisations in the Middle East can benefit from the lessons learned by their peers in other countries.
Priortise the Need
There are many things an organisation can do with a DLP solution, and they should do most of them. Eventually. If they to do everything at once, the project will grow to an unmanageable size and become significant burden for IT.
Nigel Hawthorn, VP EMEA Marketing, Blue Coat Systems |
It is crucial that organisations understand and prioritize the key issues that are driving their deployment of a DLP solution, whether they be compliance, proprietary information concerns or some other issue. Organisations should determine the top priority items and create a deployment plan that reflects those priorities. The goal should be to claim initial success without requiring a full DLP deployment.
Understanding the key drivers of the deployment will also help select the appropriate solution. Not all DLP solutions provide the same functionality, and understanding those drivers will help determine which products an organisation should consider.
A global organisation or even a regional organisation will need a solution that supports multi-byte characters so that it can match content in Arabic, Japanese, Chinese and many other languages. Without that support, a business will have to deploy local solutions in each country, creating a multi-vendor policy, management and reporting headache.
Carefully analyzing how a solution catches sensitive content is equally important. The lack of advanced data recognition technologies, for example, could result in high false positives or overblocking that impedes productivity. Organisations that are concerned about overblocking content should be sure their solution has fingerprinting technology in addition to keyword matches.
Using fingerprinting to accurately register content helps reduce false positives, which can be high when keyword or pattern-based matching is used alone. Fingerprinting enables organisations to create signature-like profiles of proprietary and sensitive data that is then matched against traffic running on the network. It also eliminates the need to manually maintain white lists or other resource-intensive workarounds.
DLP Is Not Enough
While the right DLP solution can be effective at preventing the loss of sensitive, personal or confidential data, it is not foolproof and should not be deployed as a standalone solution. It works best when it is deployed in tandem with pro-active user education program and a security architecture that features other layers of defense.
Most leaks are accidental, and DLP solutions are most effective if they can inform the employee when they are attempting to do something that violates policy. A solution that provides real-time feedback to the user, can help them become more aware of their responsibilities and the risk involved with seemingly innocent activities. This type of education heightens user awareness and results in self policing of policy.
DLP systems should both directly enforce policy and re-enforce education efforts through context-sensitive messaging to the user. Employee education can take many forms, such as written policies that are propagated through the organisation or even coaching pages that pop up when an employee tries to send sensitive information via webmail. These pages allow organisations to educate employees about the types of data that cannot leave the corporate network, and they can even point the employee to the appropriate policy documentation. This constant reinforcement has proven highly effective in reducing unintentional employee data leaks. It also serves to create an awareness of the defenses that are in place to help prevent malicious data breaches.
Integrating DLP into an existing security framework that provides multiple layers of defense is also critical to successfully preventing data loss. In this framework, DLP can work with other defenses like anti-virus and web filtering solutions to ensure that sensitive data doesn’t leave the network. For example, if a user is infected with malware that collects personal identification information to send back to a server, a web filtering solution could identify that link as malicious and block it, preventing the data from leaving the corporate network.
The bottom line is that DLP solutions offer organisations an effective way to prevent data breaches, particular in the context of a strong multi-layer security architecture. In countries that already have data notification regulations and where DLP adoption is up, data breaches are clearly down. For Middle East organisations, the lessons from these earlier deployments are plentiful and provide a good map for how to successfully deploy DLP technology without the pitfalls.