The Hindu Business Line : ‘Companies waking up to data loss challenges’

Coimbatore, Nov. 14 ‘Data Loss Prevention’ (DLP) is a business driver and not a pure IT task,’ says Mr Vishal Dhupar, Managing Director, Symantec India.

Though companies have traditionally protected themselves by installing multiple safety tools such as firewall, it has been found that the loss of information is higher from within the organisation than outside, necessitating DLP, he says

Excerpts from an interview:

What are the factors that drive DLP?

Data is a valuable asset and one cannot afford to lose it. Take for instance a bank – the customer details is important, for us (Symantec) – our source code is critical, and for a marketing company – the surprise package could be vital. These are factors compelling DLP.

We witnessed over 230 breaches disclosing over 90 million individual data records. More than half of these breaches were due to insiders.

According to the IT Policy Compliance Group, 68 per cent of organisations experience six losses of sensitive data annually, while 20 per cent suffer 22 or more sensitive data losses every year.

What are the key causes for data loss?

The prime reason for such leakage is a broken business process. A lot of security measures may be installed on the network and the end point at the systems level. But sharing of data with third parties through CDs, a thumb drive or email would negate all that.

Almost 50 per cent of the data loss can be attributed to broken business processes, while 46 per cent is inadvertent due to employee carelessness such as data loss due to e-mail transfers. Less than 4 per cent of the loss is truly malicious.

One of the drivers behind DLP is helping companies identify and fix the broken business processes. If a company has a set policy, it will be able to avoid any malicious activity within the organisation.

What can DLP solutions do?

It will help Chief Information Officers and Chief Information Security Officers extract the cream of data that they would want to protect and tag it as confidential. These can be tagged to mobile phones, laptop etc.

Information can also reside on network or stored in a storage device.

The IT Policy Compliance Group works to fix the confidential information and see that it is not lost.

Symantec DLP version 9.0 provides organisations with increased ability to discover, monitor and protect confidential information, wherever it is stored or used.

How serious is the data loss threat in Indian enterprises?

According to a PwC survey, IPR and business information leakage accounts for 32 per cent and 68 per cent of data loss in India, indicating that such loss threats are eminent in Indian enterprises.

Since India has emerged as a major outsourcing hub, it means that some of the most sensitive information in the healthcare, insurance and manufacturing segments reside here. DLP has therefore acquired huge prominence due to credibility, compliance and competition factors.

Are Indian enterprises ensuring that DLP is a part of their security ecosystem?

Enterprises here are definitely waking up to the challenges of data loss. DLP though is still a fairly new concept in India. Companies are endorsing the solution. As more organisations understand the value proposition, adoption of DLP solutions will increase exponentially.

Related Stories:
Symantec offers integrated storage tool
Messaging security tool from Websense
Data breaches, phishing hog the limelight
Symantec’s unified solution to tackle information risks