DLP vendors (and really any other security and encryption technology providers), take heart: Most IT executives are still uneasy about their ability to keep sensitive corporate data from walking out the door, floating over the transom or being ripped from their grasp by opportunistic cyber-thieves.
Or at least data-handling regulations like the PCI DSS standard are still making them feel so.
It's been a good few years now since California SB 1386 came to pass (Thanks, Mr. Peace et al.) and the good folks at ChoicePoint got us all acquainted with the need for many organizations to drastically improve their data defenses.
Of course, I just got a letter a couple of weeks ago from a former employer who shall go unnamed letting me know that my own financial info had been lifted from the offices of its now-bankrupt former financial benefits provider, but that's just my luck. (Thanks, Colt!)
Anyhow, according to a freshly minted study published by Osterman Research and backed by support from security software provider FaceTime Communications (of Paperghost fame), most IT execs are still sweating out the data security problem here during the midsummer swelter of year 2008.
Based on the results of the survey of just over 100 IT pros employed by mid-to-large-sized organizations located here in North America (and carried out over the course of the last week of June '08), 57 percent of those responding to the study admitted that they do not believe that their electronic information is adequately protected -- from leaks based on incidents or attacks delivered via messaging systems, specifically.
Moreover, rather than really worrying about the threat of cyber-crime, 48 percent of those participating in the survey reported that they seriously fear unintentional or accidental leaks of information by their own employees.
Some 31 percent cited data loss related to malware attacks as another ongoing area of concern, with another 38 percent pointing to activity by malicious insiders or former employees as a major worry.
To extrapolate on that angle further, 36 percent of respondents said they are more concerned about accidental employee data incidents than they are worried about the threat of malicious insiders or jilted former workers.
Approximately 40 percent of those respondents said they also fear unintentional data loss more than they are concerned about malware-driven incidents.
Pointing to the rise of "unified communications systems" (one of FaceTime's biggest areas of defensive focus), just about 50 percent of those surveyed said they remain fraught with angst over losses of data occurring over communications platforms.
Of those people, 23 percent indicated that it was their greatest area of concern for data leakage, while only 16 percent of respondents said they are currently unworried about the issue, and 9 percent said it didn't apply because they don't have or plan to adopt uni-comms any time soon.
So the big picture here appears to be that most IT departments are still scared as hell that they're missing something in the old e-mail, IM and FTP server world. And with the threat of physical theft of devices or people literally walking out the door with printed sheets or disks seemingly existing as the only other big areas for theft, one could assume that they're pretty much still scared of messaging-based data loss in general.
I think this is a good thing, not a bad thing, because if more execs were under the impression that they were already well-defended or protected by some point solutions they already have in place, that would likely mean that they're just sitting ducks for upcoming ownage, or for imprudent workers to leave their information exposed.
Clearly there is still plenty more work to be done in the whole world of data protection.
But, there probably always will be, no?
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.