Clear and present danger
Changing security landscape mean firms must take data loss prevention strategies back to the drawing board
With employees accessing corporate networks through all manner of devices, from personal smartphones through to tablets and laptops, traditional data loss prevention (DLP) strategies have gone out the window. But the issue isn’t solely down to the advent of the ‘bring you own device’ (BOYD) age, it’s also tied in to how people are working.
“In our private life we gladly use cloud services without even thinking of the security implications — so when we work, and specifically if we work on an uncontrolled device, we continue to utilise these services,” highlights Nicolai Solling, director of technology services, Help AG. “So in the same way as we have a next generation of security devices, you could also say that we have a next generation of users.”
The move towards using personal devices to access corporate data from anywhere at any time understandably means that organisations in the Middle East feel that their data is now less secure than it was in the past.
“Five years ago, the use of BYOD, IoT, cloud and big data was at its nascent stage and while data security was a concern then, this concern has assumed gigantic proportions today, purely because ICT adoption and the use of advanced technologies is growing in the Middle East,” notes Matt Cooke, senior product marketing manager, Sophos.
“Add to that the fact that in the first half of 2015, the Middle East was second in the list of regions with the highest records exposed. This clearly means it’s in the cross hairs of cyber attackers, who see the region as ‘low hanging fruit’ because of its lack of cyber security awareness compared to North America and Europe,” he adds.
“Sensitive corporate data is more at risk now,” continues Orange Business Services’ K. Tahsin Hersan, security practice lead, Middle East, North Africa and Turkey.
“Increasingly, employees want to collaborate with partners and customers through mobile and cloud-based applications. This increases the risk of data leakage [or] theft if the DLP solution is not adapted to new generation technologies,” he adds.
Traditional DLP systems had, at best, limited support in regards to mobile device protection, which means that companies are now having to look into upgrading or replacing DLP solutions in order to secure the growing number of vulnerable access points. And as Gartner research director Biswajeet Mahapatra highlights, this may not be a simple task.
“Mobility introduces many new permutations of old DLP problems, but makes solutions harder to design due to increased complexities of data movement, patchy functional capabilities in platforms and APIs, outmoded DLP boundary thinking and the extreme sensitivity by users to any action that interferes with their desired usability.”
Today there are a wide range of DLP solutions on the market, but security strategies are more than simply installing a product — CIOs need to look at the bigger picture.