Two thirds of UK organisations have not deployed data loss prevention technology.
According to CA and Quocirca, UK organisations expect data privacy and national security to be the two areas of regulation that will impact them the most in the next five years. However, they blame a lack of time, a ‘lack of compliance vision’ and scarce resource availability for failing to address many of the compliance issues they face.
The survey also found that those charged with managing IT security are most concerned about the activities of external users. They are also concerned about the compromise of sensitive data, internet use and the activities of internal users. All of these are linked: it is the sharing of data between users (often over the internet) that is behind many of the well-publicised incidents involving the loss of sensitive data.
Simon Godfrey, director of information security, risk and compliance at CA, said: “The survey findings provide clear and timely evidence that UK organisations require DLP technology in order to effectively support their compliance requirements, protect their brand value and maximise competitiveness.
“As network perimeters continue to blur, it is clear that security needs to be applied to the data throughout its lifecycle. Information needs to be understood with policies applied to enforce who can use it and how.
“Linking DLP with IAM provides the right combination to achieve this: allowing organisations to discover, monitor and control critical information wherever it is located, while ensuring that the information is only used by the right individuals in the right way and according to their roles and privileges. In essence, with the proliferation of sensitive information across enterprises, this combination enables a much-needed practical approach for applying the principle of least privilege.”
Bob Tarzey, analyst and director at Quocirca, said: “Recent high-profile data breaches demonstrate that electronically-stored data is often insufficiently cared for. This failure to protect data is costly, not least because of the level of fines now being imposed by regulators. On top of this there is the reputational damage and loss of competitive advantage that usually ensue. The technology exists today to link the use of data to people through enforceable policies.
“This allows a compliance-oriented architecture to be put in place based on widely accepted information security standards, such as ISO27001. Doing this enables UK organisations to allow the safe sharing of information, both internally and externally, ensuring both the continuity of business processes and good data governance.”