Bangalore - Symantec Corp's study on the risk of data loss in Indian Enterprises has revealed that 79 percent of organizations highlighted data loss to be their most serious information security concern followed by other threats like virus and denial of service attacks and spam.
The study was conducted by IDC (India) in August and surveyed 142 respondents, including CIOs/CTOs/IT heads, AGM/DGM, IT Managers, from Banking & Finance, Manufacturing, Media & Entertainment,Telecom,IT/ITeS and other sectors.
Difficulty in data classification, low awareness and obliviousness of enterprises on impact of data loss were the reasons cited for the low adoption of data loss prevention technologies. The survey revealed that more than 50 percent of the data residing in Indian enterprises is considered to be sensitive.
More than 50 percent of the data residing in Indian enterprises is considered to be sensitive.
Symantec India managing director Vishal Dhupar, who was earlier the managing director for Autodesk India and SAARC operations, feels that this number is quite high and is probably because these enterprises have not yet understood data classification. The study also reveals that nearly 30 percent of the enterprises are struggling with data classification. This acts as an impediment in Data Loss Prevention.
“The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made businesses realize that data loss can turn into a catastrophe and become a competition, compliance and credibility black hole”, said Vishal Dhupar. “It is imperative that as part of their overall security strategy, enterprises protect their information proactively and know where confidential information resides with them, how this information is being used and how its loss can be prevented”.
Vishal Dhupar leads the sales and marketing operations for Symantec in India and SAARC regions. He joined Symantec from Autodesk, where he held the position of managing director for Autodesk india and SAARC operations.
State of data loss in Indian enterprises
Despite data loss being considered as a looming threat, only 15 percent of the surveyed organizations have adopted any form of data loss prevention measures. This was largely a result of low awareness (32 percent) amongst enterprises on the impact and consequence of data loss and how data loss prevention technologies could safeguard reputation and revenue of organizations.
The study finds that more than 16 percent of organizations in India admitted to facing a data loss issue in the recent past. The major causes for these data losses were traced to unaware users, malicious insiders and increasing external threats from hackers and cybercriminals.
As high instances of data loss hit Indian enterprises, 52 percent respondents said that compliance and regulatory mandates was a major driver to prevent loss of data. Pressure from international clients was the driving force behind 24 percent organizations while business continuity was another important factor of consideration for many respondents.
Inadequate Measures to Prevent Data Loss
According to the survey, majority of users considered firewalls, log analyzers, intrusion prevention and intrusion detection solutions as adequate and appropriate data loss prevention measures. Amongst users of data loss prevention (DLP) technologies, 84 percent had opted for ‘patch’ or ‘silo’ based implementation. In the non-users, 45 percent felt ‘no real need’ for DLP since they felt that their existing security solutions were enough to keep their information safe. In addition, close to 30 percent of all respondents faced data classification challenges while differentiating between sensitive and non-sensitive information within their organization.
DLP adoption across sectors
Of the respondents, large enterprises showed the highest awareness of DLP (84 percent) while the awareness and adoption was very low in medium and small enterprises. High-risk industries like Banking Finance and Insurance showed the maximum implementation of DLP with over one-third of the Indian organizations implementing DLP belonging to this sector. The other sectors investing in DLP include IT/ITes (30%), Telecom (18%), Manufacturing (12%) and others (6%).
C-level influence in DLP
Just as DLP is not simply a technological solution, protecting information is no longer just an IT concern. Preventing the loss of data is a business problem, and it requires a business solution. The findings of the study elucidated how DLP is today being addressed at the highest levels with the CIO, CTO or a technical committee having the final say on the deployment in approximately 76% of organizations.
Recommendations
* Effective data loss prevention (DLP) establishes repeatable processes and procedures that reduce the risk of data exposure throughout an enterprise. Organizations must look beyond just installing products as that alone will not ensure success.
* Organizations should strive to achieve a sustainable DLP program that effectively addresses evolving risk factors and supports a culture of security. Comprehensive, long-term, sustainable DLP is based on:
o Threat coverage: Information has to be protected wherever it resides, whether that’s at-rest, in-motion or in-use. This requires control points at multiple tiers (i.e. endpoint, gateway, network, back-end databases).
o Business Process Integration: DLP must be incorporated into an organization’s overall business processes so that it’s viewed as a business necessity, aligned with strategic goals, compliance requirements and risk management.
o Risk Reduction Measurement: Organizations should define achievable and measurable goals and then regularly review progress against them and hold business leaders accountable for meeting them.
* Mature DLP deployments result in:
o Building a culture of security where everyone in an organization, from top to bottom, understands their role in keeping information secure.
o Elevating information risk management initiatives to executive level discussions.
o Driving business units to define and prioritize their data loss concerns.
Popular Articles
- Delcam Sales Partner SEACAM appoints twelfth partner in Brazil
- M2 Technologies Extends Expertise With Addition of Sales Team
- IMSI Wins InterSystems Breakthrough Application Award
- MSC Software's Patran to be used at Shipyards Worldwide for Strength Assessment
- Surfware's free SURFCAM Student Learning Version Now Available for download
- Autodesk Completes Acquisition of Horizontal Systems, Inc.
- Delcam’s PartMaker CAM helps Orthopaedic International Inc. in the Philippines
- Zeus Numerix becomes first research partner to the newly opened EADS R&D center at Bangalore
- aPriori Launches New Product Cost Service Bureau
- Precision engineering company Alphateq selects Siemens NX-based CAD/CAM solution from Majenta PLM
