2011 Global Information Security Survey - Plugging the data leaks - EY - Global

2011 Global Information Security Survey

Plugging the data leaks

66% of respondents have not implemented data loss prevention (DLP) tools.

Knowledge is power, and information derived from data is any organization’s most valuable asset.

With new borderless operating environments and the increasing adoption of the cloud, the risk of data loss is growing rapidly. The increased amount of data that is carried around through the use of mobile devices heightens the risk that unauthorized parties can gain access to sensitive data.

The importance of data loss prevention

But data loss is not limited to the physical loss of devices such as tablet computers, mobile phones or laptops. Many incidents are also due to accidental disclosure through electronic transmissions.

In most cases, employees are not even aware of the risks associated with sending sensitive data through:

  • Unencrypted emails
  • Instant messages
  • Webmail
  • File transfer tools

Technological user friendliness and access to data have become so intertwined that it is now relatively easy to spread confidential data unintentionally.

However, data loss prevention (DLP) technologies and processes are widely recognized as one of the top management priorities, ranking second on the list of areas most likely to receive additional funding.

More than half of companies plan to spend more on DLP-related efforts than they did last year.

Approaches to data loss prevention

In terms of actions taken to control the data leakage of sensitive information:

  • 74% of organizations have defined a specific policy regarding the classification and handling of such data.
  • Nearly 70% have run employee awareness programs.
  • Almost two-thirds have implemented additional security mechanisms such as encryption for protecting information.

Logging and monitoring approaches include network intrusion detection and network segmentation — the two most popular measures implemented to prevent, detect or react to external attacks. In addition, 75% of organizations will perform an external network attack and penetration assessment over the next year and 73% plan to run an external network vulnerability scan.

Our perspective

  • Assess, understand and appreciate the many potential risks and areas of data loss, specifically documenting and ranking the risks relating to the data loss channels that exist within the organization.
  • Identify, assess and classify sensitive data across the enterprise so DLP controls can be focused to provide protection for the organization’s most sensitive data.
  • Take a holistic view by identifying key DLP controls and measuring their effectiveness. All key controls that support the data loss prevention program, such as asset management and physical security controls, should be understood to provide accurate reporting of data loss risks and controls.
  • Cover data in motion, data at rest and data in use within the organization’s DLP controls.
  • Implement incident investigation, enlist a strong team to carry out the program and seek the support of key stakeholders throughout the business to create a successful DLP program.
  • Pay special attention to third parties with access to sensitive company data.
  • Understand what data is sent to third parties, how it is sent and if the transmission mechanisms are secure. Organizations have a responsibility to perform due diligence to validate that third-party data stewards have reasonable safeguards in place for protecting sensitive company data.


Save Into the cloud, out of the fog:
EY's 2011 Global Information Security Survey
as a printable document (10.2 MB PDF).

