Companies Are Rethinking DLP Strategies and Investments

Share with your network!

Information protection and cloud security are priorities for any enterprise looking to avoid costly data breaches and data leaks. But a new CyberRisk Alliance (CRA) report finds that the growing complexity of IT environments due to the adoption of cloud technologies is making it even more challenging for organisations to implement the data protection measures needed to help prevent critical data loss.

The CRA report—“Legacy DLP Crumbles in the Cloud”—was sponsored by Proofpoint and features research from a study conducted in the fall of 2021. The study found that while many companies have invested in solutions for data loss prevention (DLP), budgets are inconsistent. Also, DLP solutions and strategies vary widely across the organisations represented in the study.

Many of the respondents—primarily IT and cybersecurity decision-makers in the United States, the United Kingdom, France and Germany—reported that they still worry about their organisation being vulnerable to data loss, even with a DLP solution in place. Also, many said they fear that their company’s DLP strategy and investments are now misaligned because of the major shift to remote work driven by the COVID-19 pandemic.

U.S. firms struggling with information protection failures

Other key findings from the CRA’s recent study suggest that the respondents’ significant level of concern about the risk of data loss for their business is not unfounded:

  • About 80% of all respondents’ organisations have experienced at least one security incident in the past 12 months—more specifically, a data breach or data leak arising from compromised, malicious or unintentional causes.
  • Nearly half of the respondents said the number of breaches and losses increased at their organisation in 2021 compared with 2020.

The study also found that U.S. organisations are facing data loss incidents more often than their counterparts in Europe. More than one-third of U.S. respondents said their firm had experienced at least three data breach or data leak incidents in the past year, compared to 22% of respondents from Europe.

Also, more than half (53%) of all U.S. respondents reported that the number of breaches increased in the past year. Forty percent of Europeans said the same about their organisations.

Management of legacy infrastructure among top data security challenges

The IT and cybersecurity decision-makers who participated in CRA’s recent study pointed to an array of issues that are eroding their confidence in their organisation’s information protection abilities.

Top among those challenges is coaching users to adopt more secure behaviours, with 57% of respondents ranking this issue among the top three data security challenges. In the second spot on the list is managing legacy infrastructure (54%), followed closely by incident response and investigation (51%). User productivity issues (48%) and the lack of IT security staff (40%) round out the list of data security challenges that the respondents said they worry about most.

Cloud security concerns amplifying worries about remote work risks

As noted earlier, the shift to remote work has many IT and cybersecurity decision-makers feeling less confident about the effectiveness of their organisation’s information protection strategies and investments. In fact, the CRA study found that remote employees dominate concerns related to data breach prevention and mitigation.

However, for many respondents, it’s the intersection of remote work and the cloud that is a significant source of consternation:

  • More than one in three respondents (35%) reported that they are “very concerned” about remote employees using unapproved cloud applications.
  • Twenty-nine percent of respondents said they worry about these users storing corporate data on personal cloud storage.
  • And 28% of IT and cybersecurity decision-makers expressed concern about remote workers downloading sensitive data. (U.S. respondents are particularly worried about this issue, according to the CRA report.)

The cloud itself is a data security worry for organisations, too — regardless of the remote work factor. Organisations need to take a people-centric approach and replace worry with modern solutions that push forward without compromising their data security.

The CRA report notes that most respondents view cloud environments and applications as the riskiest data loss channel. One respondent to the study, a director of IT for a high-tech firm in Germany, said of his organisation, “Our biggest security challenge is protecting cloud data.”

A different approach to address modern enterprise challenges

While most IT and cybersecurity decision-makers surveyed by the CRA said they have researched or already use enterprise DLP platforms, many respondents reported that their organisation is very or somewhat likely to invest in this kind of solution in the next 12 months.

The need to adopt a more modern, streamlined approach to DLP is likely a motivating factor for many firms looking to invest in an enterprise DLP platform. And cloud security and remote work risks are no doubt adding pressure. One respondent, a vice president of IT for a manufacturing firm in the United States, said, “The hybrid and work-from-home era requires us to make the case for a DLP platform.”

Another respondent, a chief information security officer (CISO) in the United States who works in the financial services industry, said their organisation’s move to an enterprise DLP platform was “a positive experience.” The CISO said, “It allows us to keep our data safe in a very simple way. That way, we worry less about security breaches, and we use that time in other activities.”

A key takeaway from the survey is that organisations using legacy DLP practices need to consider a more modern enterprise approach to better accommodate the reality of more people accessing data remotely. Proofpoint provides unique people-centric visibility and can help you get started on your cloud DLP journey with our Information Protection program design services. The modern solutions for DLP that Proofpoint provides keep scalability, ease of use, security and extensibility at the forefront to allow organisations to push forward in today’s work-from-anywhere world.

Learn More

To read more findings from CRA’s study and get tips on building DLP practices for a remote work-driven, cloud-forward, multichannel world, get your copy of the “Legacy DLP Crumbles in the Cloud: 2022 CRA Report,” available for download here.

For more information on how Proofpoint can protect your data, head here.