Report: Plugging Data Leaks Is High Priority

By Lisa Vaas  |  Posted 2007-03-05 Print this article Print

A new survey finds that 90 percent of companies plan to implement new technology to secure electronic copies of intellectual property in the coming year.

In the wake of incidents such as TJXs potentially massive loss of data to theft, reported in January, it shouldnt come as a surprise to find that 90 percent of companies plan to plug in new technology to secure electronic copies of intellectual property in the coming year. That was one finding of a report from Enterprise Strategy Group, issued on March 5, titled "Intellectual Property Rules." ESG surveyed 112 organizations, each with more than 1,000 employees, for the report.
The ESG survey—sponsored by information protection company Reconnex—is the first of a series of surveys that will come out quarterly on the topic.
One of the findings that surprised ESG was how big the IP problem is, according to Eric Ogren, a security analyst for ESG. Protecting PII (personally identifiable information) such as the credit card numbers, Social Security numbers and other pieces of user and customer data are actually not the top priority with most organizations, Ogren said. "We asked upfront, what do you consider to be intellectual property?" he said. "What they want to protect is financial information, contracts and agreements. Only after that is PII." Other IP that companies are looking to protect include, in order of reported priority, source code, competitive intelligence, internal research data, design specifications, customers PII, trade secrets, CRM (customer relationship management) databases, patent documents and sponsored research data. Whats tough about protecting such data is that it comes in so many different forms. Much of it doesnt fit into a neat fixed-format, as would Social Security numbers or credit card numbers, for example. Instead, it comes from all over the network. Specifically, ESGs report shows that in the surveyed population, 21 percent of IP resides in corporate e-mail; 17 percent lives in corporate portals or intranets; 34 percent is stored in application databases such as SAP, Oracle or SQL Server; and 28 percent is kept in file systems, including spreadsheets, Word documents and the like. "If you think e-mail is your only issue, youre only solving 20 percent of [the] problem," Ogren said. Tremendous resources are being spent to search for networked IP, Ogren said, in terms of both manual and automated procedures. According to the report, 78 percent of those surveyed search for electronic versions of IP at least once a quarter. "Which is a major investment of time and resources," Ogren noted. "Its in many different forms, in many different places, communicated with many different protocols." Click here to read about how info thieves are targeting the enterprise. As for the biggest perceived threat when it comes to data loss, either malicious or sloppy insiders scare the respondents the most. Twenty-four percent of responders pointed to malicious insiders as the biggest threat to their IP falling into the wrong hands, while 34 percent feared that the problem lies with negligent insiders—an employee who just wants to do her job but doesnt understand the risk of IP that hangs around in her laptop, for example. Only 20 percent of respondents think that hackers are their biggest threat in this regard. The balance of threats are seen as coming from lack of security oversight (17 percent) or lack of distribution control (5 percent). The report puts forth four best practices for leakage protection. First, ESG recommends, enterprises should define comprehensive requirements for IP and PII at the same time. Protecting against leakage of one protects against leakage of the other, the company maintains. Its also necessary to segregate IP protection duties, according to ESG. That means empowering security teams to provide independent oversight of operations, including monitoring insider use of information. ESG also suggests automating discovery of IP, to cut down on the time and money currently being devoted to it. Finally, ESG recommends network-based solutions over distributed end-point software. "I dont think end-point software is going to solve it—it cant reside in all the places IP resides," Ogren said. Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.
Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel