The last year has shown more than ever how careful businesses need to be with their data. However, recent reports suggest that only a fraction of Middle Eastern enterprises have data loss prevention policies in place. Does this make the region a ticking time bomb about to explode with data breaches?
Remember the premise of the latest James Bond movie, Skyfall? The British Secret Service's boss, M, loses a hard drive containing the names of every undercover NATO operative working around the world. The main antagonist, Raoul Silva — a former MI6 operative and self-proclaimed computer genius — then goes about using the list to reap havoc in an attempt to ultimately kill M.
Skyfall might have been the most successful Bond movie of all time, but there's not an IT pro in the world who would say that the technology-related parts of the premise were anything like reality.
Apart from the ease with which baddie Silva is able to hack one of the most technologically advanced government entities on the planet, there's little chance that MI6 would have allowed the data on that hard drive to be lost, even if the drive itself was. In real life, any spy agency worth its salt would have implemented some kind of data loss prevention (DLP) solution — just as any organisation intent on keeping its data secure would.
DLP differs from traditional security in the sense that it focuses entirely on protecting information as an asset, according to Rob McMillan, Research Director, Gartner.
"Without DLP, there are few options to protect information as a discrete asset; most technical security controls are focused on the protection of infrastructure, rather than information," he says. "It provides organisations the opportunity to control the release of information in real time using a policy-based approach, with control decisions based on both the business rules (i.e. the policies) and the actual content of the information.
"It also provides an ability to give staff real-time tutorial on the decision that they make with regard to an organisation's information, thus providing a new and effective form of user awareness."
However, Paul Wright, Managing Director of Professional Services and Investigation Team for the Middle East, India and Africa, AccessData, says that DLP is not such a clear-cut term.
"In the eyes of some, data loss prevention is purely and simply a marketing tool. They say that there is no such thing. The reason being, other than switching off all computers and networks, it is impossible to guarantee that you have prevented data loss. The best that can be aimed for and achieved is data loss detection or deterrence," he says.
Sign up for CIO Asia eNewsletters.