After years of battling intrusions, viruses, and spam, organizations now find themselves wrestling with a relatively new but hugely significant security issue: data leakage. By March 2008, the inadvertent exposure of company confidential information was already being cited by analyst IDC as the number one threat, above viruses, Trojans, and worms. At the end of the year, 80 percent of respondents in another survey agreed that data security was one of the biggest challenges facing them, with 50 percent of respondents admitting they'd experienced a data leakage incident in 2008.
IDC's survey identified intellectual property as the most common type of information leaked and 81 percent of respondents saw information protection and control (IPC) - defined as monitoring, encrypting, filtering, and blocking sensitive information contained in data at rest, data in motion, and data in use - as an important part of their overall data protection strategy. The highest priority IPC solution was data leakage prevention (DLP) deployed at the organization's perimeter and on endpoint computers.
The intentional or accidental exposure of information, ranging from legally protected personal information to intellectual property and trade secrets, is something that affects the IT environment in its widest sense, involving lost or stolen laptops, USB keys and other devices, email, and Web 2.0 applications, such as IM.
The challenge now is not simply to protect data from the threat of theft or corruption from malware, but to add a second security layer preventing data being accessed if it is lost.