Companies Are Rethinking DLP Strategies and Investments

Information protection and cloud security are priorities for any enterprise looking to avoid costly data breaches and data leaks. But a new CyberRisk Alliance (CRA) report finds that the growing complexity of IT environments due to the adoption of cloud technologies is making it even more challenging for organizations to implement the data protection measures needed to help prevent critical data loss.

The CRA report—“Legacy DLP Crumbles in the Cloud”—was sponsored by Proofpoint and features research from a study conducted in the fall of 2021. The study found that while many companies have invested in solutions for data loss prevention (DLP), budgets are inconsistent. Also, DLP solutions and strategies vary widely across the organizations represented in the study.

Many of the respondents—primarily IT and cybersecurity decision-makers in the United States, the United Kingdom, France and Germany—reported that they still worry about their organization being vulnerable to data loss, even with a DLP solution in place. Also, many said they fear that their company’s DLP strategy and investments are now misaligned because of the major shift to remote work driven by the COVID-19 pandemic. 

U.S. firms struggling with information protection failures

Other key findings from the CRA’s recent study suggest that the respondents’ significant level of concern about the risk of data loss for their business is not unfounded: 

  • About 80% of all respondents’ organizations have experienced at least one security incident in the past 12 months—more specifically, a data breach or data leak arising from compromised, malicious or unintentional causes. 
  • Nearly half of the respondents said the number of breaches and losses increased at their organization in 2021 compared with 2020.

The study also found that U.S. organizations are facing data loss incidents more often than their counterparts in Europe. More than one-third of U.S. respondents said their firm had experienced at least three data breach or data leak incidents in the past year, compared to 22% of respondents from Europe. 

Also, more than half (53%) of all U.S. respondents reported that the number of breaches increased in the past year. Forty percent of Europeans said the same about their organizations.

Management of legacy infrastructure among top data security challenges

The IT and cybersecurity decision-makers who participated in CRA’s recent study pointed to an array of issues that are eroding their confidence in their organization’s information protection abilities. 

Top among those challenges is coaching users to adopt more secure behaviors, with 57% of respondents ranking this issue among the top three data security challenges. In the second spot on the list is managing legacy infrastructure (54%), followed closely by incident response and investigation (51%). User productivity issues (48%) and the lack of IT security staff (40%) round out the list of data security challenges that the respondents said they worry about most.

Cloud security concerns amplifying worries about remote work risks

As noted earlier, the shift to remote work has many IT and cybersecurity decision-makers feeling less confident about the effectiveness of their organization’s information protection strategies and investments. In fact, the CRA study found that remote employees dominate concerns related to data breach prevention and mitigation. 

However, for many respondents, it’s the intersection of remote work and the cloud that is a significant source of consternation:

  • More than one in three respondents (35%) reported that they are “very concerned” about remote employees using unapproved cloud applications. 
  • Twenty-nine percent of respondents said they worry about these users storing corporate data on personal cloud storage. 
  • And 28% of IT and cybersecurity decision-makers expressed concern about remote workers downloading sensitive data. (U.S. respondents are particularly worried about this issue, according to the CRA report.)

The cloud itself is a data security worry for organizations, too — regardless of the remote work factor. Organizations need to take a people-centric approach and replace worry with modern solutions that push forward without compromising their data security.

The CRA report notes that most respondents view cloud environments and applications as the riskiest data loss channel. One respondent to the study, a director of IT for a high-tech firm in Germany, said of his organization, “Our biggest security challenge is protecting cloud data.”

A different approach to address modern enterprise challenges 

While most IT and cybersecurity decision-makers surveyed by the CRA said they have researched or already use enterprise DLP platforms, many respondents reported that their organization is very or somewhat likely to invest in this kind of solution in the next 12 months. 

The need to adopt a more modern, streamlined approach to DLP is likely a motivating factor for many firms looking to invest in an enterprise DLP platform. And cloud security and remote work risks are no doubt adding pressure. One respondent, a vice president of IT for a manufacturing firm in the United States, said, “The hybrid and work-from-home era requires us to make the case for a DLP platform.”

Another respondent, a chief information security officer (CISO) in the United States who works in the financial services industry, said their organization’s move to an enterprise DLP platform was “a positive experience.” The CISO said, “It allows us to keep our data safe in a very simple way. That way, we worry less about security breaches, and we use that time in other activities.”

A key takeaway from the survey is that organizations using legacy DLP practices need to consider a more modern enterprise approach to better accommodate the reality of more people accessing data remotely. Proofpoint provides unique people-centric visibility and can help you get started on your cloud DLP journey with our Information Protection program design services. The modern solutions for DLP that Proofpoint provides keep scalability, ease of use, security and extensibility at the forefront to allow organizations to push forward in today’s work-from-anywhere world.

Learn More 

To read more findings from CRA’s study and get tips on building DLP practices for a remote work-driven, cloud-forward, multichannel world, get your copy of the “Legacy DLP Crumbles in the Cloud: 2022 CRA Report,” available for download here.

Join us for our upcoming webinar, "Modernize Your Data Loss Prevention Strategy for the Reality of Today's Challenges," on April 14, 2022. 

For more information on how Proofpoint can protect your data, head here

Subscribe to the Proofpoint Blog