More than one in three (38%) of respondents are still failing to deploy any form of data leak prevention, whether that be device control, endpoint DLP or DLP appliances. Amongst small to medium sized business this figure increases to over half of organizations (54%), according to a survey by DeviceLock.
The survey also revealed that even those managers that are deploying technology solutions to prevent data leakage from within their organizations the majority are failing to protect all the possible channels where data leakage can occur.
In spite of the rapidly growing use of personal smartphones and PDA’s within business environments, less than half (48%) of all respondents who had deployed a DLP solution reported that they controlled the data synchronizations between employees’ computers and their smartphones.
Furthermore only a quarter (26%) of respondents that use DLP solutions are able to control the content of documents printed from corporate computers. This is despite the fact that a recent study published by the Ponemon Institute concluded that the document printing channel was found to be the most often used for stealing corporate data.
77 % of respondents acknowledged that they monitor employees’ Webmail and social networking applications such as Facebook and Twitter to prevent data leakage, regardless of whether corporate or private accounts are used. Only 8% of respondents believe that privacy concerns are an obstacle for enforcing such controls, suggesting that concerns about security breaches override those of privacy.
The overwhelming majority of respondents (75%) stated that DLP solutions should support out-of-the-box components for full-text searching in their audit and shadow log database. The reason for this is clearly that full-text search capability reduces the labor and time expenses for security compliance auditing, incident investigations and forensic analysis for IT departments.
IT departments are becoming acutely aware of the need to keep costs arising from highly resource intensive processes – such as security compliance auditing, incident investigations, and forensic analysis to a minimum. Affordability and ease-of-use clearly remain significant barriers of entry for those responsible for protecting organisations,’ data especially amongst small to medium sized businesses.