Data loss prevention systems fail to deliver

By Regina Pazvakavambwa, ITWeb portals journalist.
Johannesburg, 28 Apr 2015
Businesses are looking to technology to prevent and control the unauthorised use of information, says J2 Software.

Despite spending billions on data loss prevention (DLP) technology, enterprises still leak data every day.

This is according to John McLoughlin, MD of J2 Software, who notes that in most risk assessments performed, DLP systems are not performing as they should.

According to Gartner, DLP will be the fastest-growing security segment through 2018, with a combined annual growth rate of 18.9%.

DLP prevents unauthorised access and loss of sensitive data, and therefore should reduce risk to the business, as well as ensuring that highly confidential data is secure, and meets compliance and confidentiality policies, says McLoughlin.

"We repeatedly hear the same stories from companies struggling to get value out of DLP. Dtex Systems, the developer of SystemSkan, recently conducted research into the main causes of DLP failure, and found a number of aggravating factors."

He says many of the companies surveyed reported ripping out DLP after small installations failed, because huge DLP tools bogged down computers, choked networks, and required massive servers to deploy.

In addition, says McLoughlin, many organisations can't afford the large team it takes to configure and maintain the complex rules in a typical DLP deployment. Instead, companies fall back to a few basic, intrusive rules like "block all USB devices" and "no usage of Facebook", he explains.

He adds that with the Protection of Personal Information (POPI) Act on the horizon, businesses are looking to technology to prevent and control the unauthorised use of information, be it accidental or deliberate.

While there is no doubt that DLP is a vital element of the compliance and privacy conversation, many companies that have implemented DLP have still suffered data losses, he adds.

He points out that the failure of DLP calls for a new approach to protecting against data loss, and that this approach rests on visibility. The solution must provide lightweight, enterprise-wide visibility, and offer answers and focus where DLP provides rules and complexity, he adds.

DLP is a strategy to ensure end-users do not send sensitive or critical information outside of the corporate network, says Mohsien Hassim, security services business unit manager at Datacentrix.

This type of technology requires proper planning and even more importantly, precise implementation, he adds.

DLP is a complex issue with no single effective solution; in essence, each organisation has its own challenges, business needs and risk mitigation strategies. This requires continuous assessment of DLP requirements, says Hassim.

According to Warren Olivier, regional manager for Southern Africa at Veeam Software, SA has a historical culture of non-disclosure and cover-ups when it comes to data loss and data breaches, but the POPI Act will force much greater transparency.

He says the legislation means the end of attempts to keep data breaches and data losses under the radar.

"A lot of companies prefer to deal with things quietly, and in some, the culture of the cover-up is so strong that the board would rather not discuss an issue, or even get a report, to avoid putting their awareness of a problem on record. But that is no longer an option."

This means that boards of directors need to put data availability high on the agenda, he says, adding that data availability is not a box to tick; it has real commercial consequences.

A company which fails to meet the requirements of the Act may find itself liable for damages. On the other hand, steps that companies take to comply with the POPI requirements will also go a long way to ensure business continuity.