How confident are you that all of the critical information inside your organization is protected?
Before you answer that question, consider these findings from a recent Ponemon Institute survey
of 1,000 workers who left an employer in the last year:
- More than half of the ex-employees admitted to stealing confidential company information, such as customer contact lists.
- 82% of respondents said their employers didn’t perform an audit or review of paper or electronic documents before they left their job.
“The survey’s findings should sound the alarm across all industries: your sensitive data is walking out the door with your employees,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Even if layoffs are not imminent, companies need to be more aware of who has access to sensitive business information.”
The findings also underscore Symantec’s contention that critical information needs to be protected not only from external threats such as spam and viruses but from internal threats as well. That’s especially relevant today if your company has to make tough decisions about reducing its workforce.
This article looks at how implementing data loss prevention technologies enables you to know exactly where sensitive data resides and how it is being used, and to prevent it from being copied, downloaded, or sent outside the company.
One of the more interesting findings of the Ponemon Institute survey has to do with how employees viewed their former employer. Employees who said they “did not trust their former employer to act with integrity and fairness” were more likely to take confidential data. The survey found that 61% of respondents who were negative about the company took data, while only 26% of those with a favorable view did so.
The survey also found that employees are stealing data in different ways. Among the more popular means of transferring data was by downloading it onto a CD or DVD (53%) or onto a USB memory stick (42%).
More importantly, the survey found that companies aren’t taking proper steps to stop data theft. Only 15% of companies conducted a review or performed an audit of the paper or electronic documents that employees took. If they did a review, respondents reported that it was not complete (45%) or, worse, superficial (29%). Approximately 89% of respondents reported that their company didn’t do an electronic scan of devices such as portable data-bearing equipment or USB memory sticks.
So what can you do to ensure that your organization is protected against a catastrophic data breach? Simply locking down users is no longer an option; instead, you need technologies that protect your information while only minimally restricting users. Rather than broadly blocking activity, you want to block only those actions that can damage you. You need protection that is mobile, adaptive, and minimally intrusive.
Unfortunately, that’s not a job for perimeter security solutions, which are focused on keeping bad things out of the network rather than solving the problem of data loss. Perimeter security cannot address these fundamental questions: Where is your confidential data? Who has access to this critical data? How is it being used? These are precisely the questions that Data Loss Prevention was designed to answer.
Data Loss Prevention is particularly well suited for the modern workforce. It enables you to intelligently protect information based on the content, without completely blocking users from useful tools and services, ranging from portable storage to online services. It allows you to discover, monitor, and protect data at rest, in motion, and in use through deep content analysis.
Symantec believes that an effective Data Loss Prevention solution should address the following key requirements:
- Discover and protect confidential data wherever it is stored or used. A comprehensive solution that effectively lowers risk must enable you to accurately discover exposed confidential data stored on file servers, documents, email repositories, Web sites, relational databases, and other data repositories. Once this data is identified, the solution should enable you to protect it by automatically applying data protection policies through integration with data encryption, storage tiering, and archiving systems.
- Monitor all data usage and prevent confidential data from exiting any network gateway or endpoint. Preventing confidential data from being transmitted outside your organization first requires comprehensive monitoring of multiple endpoints. Email is only part of the problem. A solution that effectively reduces your risk of data loss across all business processes must combine comprehensive monitoring with prevention. It should accurately monitor and prevent security violations for all data types and all network protocols, including email, instant messaging, secure Web, FTP, P2P, and generic TCP sessions over any port.
- Detect accurately. To achieve the highest level of accuracy, the software solution must keep false negatives low to reduce the risk of a data breach. It must also keep false positives low to minimize review time, enable automated enforcement, and protect employee privacy.
- Enforce policies automatically. Without automated policy enforcement, the team responsible for alerting offenders and managing remediation would experience a significant increase in their normal workload. A best-in-class solution should employ intelligent, highly productive incident response capabilities that enable you to automate policy enforcement with flexibility.
- Proven global scale and architecture. One of the key questions to ask potential providers is, “Is your solution proven in production at FORTUNE 100 companies?” If it can successfully perform in these environments, chances are it is a strong enterprise-scale application.
As the proven, global market leader in Data Loss Prevention, Symantec has a solid track record of successful customer deployments at the largest enterprises and governmental organizations. Symantec offers complete coverage and protection of your confidential data across endpoint, network, and storage systems – all managed by a single, unified platform.
Symantec Data Loss Prevention solutions monitor and block confidential data from being downloaded, transferred, copied, or printed from a laptop or desktop – whether on or off the corporate network. By measurably reducing risk, Symantec gives organizations confidence to demonstrate compliance while protecting their customers, brand, and intellectual property.
As the volume of data continues to grow within your organization, you may have little or no visibility into where confidential data is stored or who has access to it. Traditional perimeter security solutions are of little help since they’re focused on securing the network, not securing the data. By implementing proven Data Loss Prevention technologies, you’re in a better position to know exactly where sensitive data resides and to prevent it from being sent outside the company.