Companies are bracing themselves for the next data breach,
implementing technology and processes to protect intellectual
property (IP) and other sensitive information in the wake of high
profile data breaches.
 | | | | | The CEO is now reading about this
stuff and is willing to fund initiatives to better protect
data.
Jon Olstik,
analystEnterprise Strategy Group |
| | | | | |
| |
|
Compliance is also driving adoption of data protection
technologies, according to two studies conducted by the Milford,
Mass.-based Enterprise Strategy Group (ESG).
The study on data leakage prevention found that more than
one-third of organizations not using data loss prevention
technology had information stolen from their databases within the
last 12 months and that 30% of those data breaches impacted
bottom-line revenues.
"The CEO is now reading about this stuff and is willing to fund
initiatives to better protect data," said Jon Olstik, an ESG
analyst.
Two research reports, "Intellectual Property and Security, the
Elephant in the Room" and "The Case for Data Leakage
Prevention,"concluded that enterprises need to improve the
processes that define their intellectual property and put data
leakage technologies in place to avoid a high profile data
breach.
One area in need of improvement, according to the intellectual
property study, is in the way data is classified by companies as
intellectual property. One-third of the respondents said that they
are ramping up attempts to protect their IP as a reaction to the
high profile security breaches that have occurred in the last
year.
In many cases defining intellectual property is a labor
intensive and manual process, Olstik said. Many firms are
conducting manual scans of file servers -- a process that could
take up to 80 hours per quarter on IP discovery. It's so time
consuming that it is becoming very costly, Olstik said.
The IP study found that 74% of respondents say their
organization will spend more to secure electronic forms of
intellectual property in 2007 than they did in 2006. While many
organizations have a centralized process to classify information as
intellectual property, more than 25% of respondents said their
process needs improvement.
"Defining what is IP and what isn't IP is being done reactively
and randomly in some cases," Olstik said. "A lot of enterprises
lack a centralized process and many have inconsistencies and
redundancies resulting in costs that aren't needed."
While high profile data breaches are a driver toward more
spending to protect sensitive data, compliance and government
regulations are also driving spending. The study found that 72% of
respondents found government regulations and compliance the biggest
motivators for protecting confidential data.
Connectivity between enterprises, their customers and their
business partners also play factor in driving intellectual property
concerns, Olstik said. Attackers are also getting more
sophisticated and the threat from insiders is also raising concern
about data protection, he said.
"Most people have to begin with a full risk assessment to
discover what the risks are and develop a strategy to prevent data
leakage," Olstik said. "Now it is clear that you have to spend
money to protect yourself, because the cost of a breach is higher
than the cost of the solution."