Bangalore - Symantec Corp's study on the risk of data loss in Indian Enterprises has revealed that 79 percent of organizations highlighted data loss to be their most serious information security concern followed by other threats like virus and denial of service attacks and spam.
The study was conducted by IDC (India) in August and surveyed 142 respondents, including CIOs/CTOs/IT heads, AGM/DGM, IT Managers, from Banking & Finance, Manufacturing, Media & Entertainment,Telecom,IT/ITeS and other sectors.
Difficulty in data classification, low awareness and obliviousness of enterprises on impact of data loss were the reasons cited for the low adoption of data loss prevention technologies. The survey revealed that more than 50 percent of the data residing in Indian enterprises is considered to be sensitive.
More than 50 percent of the data residing in Indian enterprises is considered to be sensitive.
Symantec India managing director Vishal Dhupar, who was earlier the managing director for Autodesk India and SAARC operations, feels that this number is quite high and is probably because these enterprises have not yet understood data classification. The study also reveals that nearly 30 percent of the enterprises are struggling with data classification. This acts as an impediment in Data Loss Prevention.
“The need to protect sensitive information like source code, intellectual property, employee and customer accounts has made businesses realize that data loss can turn into a catastrophe and become a competition, compliance and credibility black hole”, said Vishal Dhupar. “It is imperative that as part of their overall security strategy, enterprises protect their information proactively and know where confidential information resides with them, how this information is being used and how its loss can be prevented”.
Vishal Dhupar leads the sales and marketing operations for Symantec in India and SAARC regions. He joined Symantec from Autodesk, where he held the position of managing director for Autodesk india and SAARC operations.
State of data loss in Indian enterprises
Despite data loss being considered as a looming threat, only 15 percent of the surveyed organizations have adopted any form of data loss prevention measures. This was largely a result of low awareness (32 percent) amongst enterprises on the impact and consequence of data loss and how data loss prevention technologies could safeguard reputation and revenue of organizations.
The study finds that more than 16 percent of organizations in India admitted to facing a data loss issue in the recent past. The major causes for these data losses were traced to unaware users, malicious insiders and increasing external threats from hackers and cybercriminals.
As high instances of data loss hit Indian enterprises, 52 percent respondents said that compliance and regulatory mandates was a major driver to prevent loss of data. Pressure from international clients was the driving force behind 24 percent organizations while business continuity was another important factor of consideration for many respondents.
Inadequate Measures to Prevent Data Loss
According to the survey, majority of users considered firewalls, log analyzers, intrusion prevention and intrusion detection solutions as adequate and appropriate data loss prevention measures. Amongst users of data loss prevention (DLP) technologies, 84 percent had opted for ‘patch’ or ‘silo’ based implementation. In the non-users, 45 percent felt ‘no real need’ for DLP since they felt that their existing security solutions were enough to keep their information safe. In addition, close to 30 percent of all respondents faced data classification challenges while differentiating between sensitive and non-sensitive information within their organization.
DLP adoption across sectors
Of the respondents, large enterprises showed the highest awareness of DLP (84 percent) while the awareness and adoption was very low in medium and small enterprises. High-risk industries like Banking Finance and Insurance showed the maximum implementation of DLP with over one-third of the Indian organizations implementing DLP belonging to this sector. The other sectors investing in DLP include IT/ITes (30%), Telecom (18%), Manufacturing (12%) and others (6%).
C-level influence in DLP
Just as DLP is not simply a technological solution, protecting information is no longer just an IT concern. Preventing the loss of data is a business problem, and it requires a business solution. The findings of the study elucidated how DLP is today being addressed at the highest levels with the CIO, CTO or a technical committee having the final say on the deployment in approximately 76% of organizations.
* Effective data loss prevention (DLP) establishes repeatable processes and procedures that reduce the risk of data exposure throughout an enterprise. Organizations must look beyond just installing products as that alone will not ensure success.
* Organizations should strive to achieve a sustainable DLP program that effectively addresses evolving risk factors and supports a culture of security. Comprehensive, long-term, sustainable DLP is based on:
o Threat coverage: Information has to be protected wherever it resides, whether that’s at-rest, in-motion or in-use. This requires control points at multiple tiers (i.e. endpoint, gateway, network, back-end databases).
o Business Process Integration: DLP must be incorporated into an organization’s overall business processes so that it’s viewed as a business necessity, aligned with strategic goals, compliance requirements and risk management.
o Risk Reduction Measurement: Organizations should define achievable and measurable goals and then regularly review progress against them and hold business leaders accountable for meeting them.
* Mature DLP deployments result in:
o Building a culture of security where everyone in an organization, from top to bottom, understands their role in keeping information secure.
o Elevating information risk management initiatives to executive level discussions.
o Driving business units to define and prioritize their data loss concerns.
- Tire maker Michelin develops FEA post-processing tools using MeshViz XLM and Open Inventor® by VSG
- FARO and Autodesk Collaborate to Add Support for Point Cloud Data to AutoCAD 2011
- Delcam presented with sixth Queen's Award
- Spatial Announces Registration Open for 3D Insiders' Summit 2011
- MSC Software and Sigmadyne Announce New Capabilities for Optimization of Optical Systems
- Official Thinkdesign 2011 Beta version Entering into the Build Phase - Ready for Imminent Release
- Materialise Innovation Forum Major Success
- COMET robot machining consortium meets at Fraunhofer
- Autodesk Acquires T-Splines Modeling Technology Assets
- Two Indian SolidWorks resellers add Sescoi's WorkNC to their portfolio