Hydrasight believes information leakage prevention (ILP) remains broad in nature and difficult to contain. We note that that planned adoption of ILP continues to be based primarily on built-in functionality within selected products (e.g., email). Overall, ILP remains a(nother) area of information security and risk management technology with low levels of enterprise adoption—even within mature Asia Pacific markets such as Australia / New Zealand.
Hydrasight research shows that filtering of outgoing email is among the most popular implementation style for ILP and has the highest level of current implementation. 47% of respondent organisations indicated that email filtering solutions are already in place. We believe this high level of reported use, specifically for filtering technologies, is related to the use of automated inbound filtering solutions such as attachment/file-type filtering, content keyword filtering as well as limited outbound filtering (e.g., adding corporate disclaimers to email). Previous research also highlights that content filtering is not yet being applied to semantic analysis of content (i.e., where the meaning or intent of email is assumed) other than traditional in-bound spam filtering.
Looking at the topic of ILP in greater detail, Hydrasight research shows that the investment plans for 2008+ are as follows (in decreasing order of intention):
- Monitoring/filtering/blocking sensitive/confidential data contained in outgoing email
- Monitoring/filtering/blocking sensitive/confidential data contained in outgoing web traffic
- Port control for client devices (e.g., blocking use of external memory devices)
- Monitoring/filtering/blocking sensitive/confidential data contained in outgoing file transfers
- Client software that monitors/filters/blocks sensitive data when users are not operating on the corporate network
- Monitoring/filtering/blocking sensitive/confidential data contained in outgoing instant message traffic
In terms of potential partners for adoption of ILP, our research shows that few organisations in Australia / New Zealand were willing and/or able to name a vendor they considered to be in the best position to assist with their organisation’s needs for information leakage prevention. Furthermore, Hydrasight believes it reinforces the relatively nascent nature of the ILP adoption in 2008.
As the number of use cases for information access continues to expand, we believe the interest in information leakage is only likely to increase (refer "HYDRASIGHTS 2008: CIO"). Nonetheless, Hydrasight notes that prior, cyclic interest in information leakage has rarely translated into significant spending. In most cases, a significant leakage event has been treated with a review of IT policies, enhanced communications and employee training programs rather than investment in new technology. Hydrasight has therefore recommended that IT organisations continue to assess key environmental risks and business drivers so as to determine the appropriate technologies investments related to information leakage (refer "Picking battles in the war against information leakage").
Hydrasight believes that ILP is an important, targeted business need but that adoption of technical solutions will remain limited within Australia and New Zealand through at least 2012.