"Many DLP users only have selective features switched on. To turn on all the features would completely disrupt an organisation's business and networks and is why it is exceptional to find organisations running DLP in full-blown mode. It should be noted that, even then, it will not guarantee preventing data loss."
If you really want to keep your data secure, then, there are differing views on how effective a DLP solution will be. Perhaps this is why the Middle East has been slow to jump on the DLP bandwagon, as a recent report from the InfoWatch group suggests.
"Let's take KSA [the Kingdom of Saudi Arabia] as an example," says Natalya Kaspersky, CEO, InfoWatch. "Joint research conducted with our local and regional partners suggests that 80 percent of companies in the Kingdom operate without internal data security systems in place. That's the bad news."
But why is this such bad news? Do traditional methods of securing data and networks simply not suffice anymore? And does this mean that the Middle East is soon to witness huge numbers of data breaches? According to Kaspersky, the risks associated with not having any DLP solutions in place are substantial, particularly when talking about government organisations or financial institutions.
"On a global scale, 2012 was the year of leaks from government organisations. There has been a noticeable increase in the proportion of leaks which emanated from government sources, demonstrating that the public sector is not paying sufficient attention to the issue," Kaspersky says. "Other areas of impact include the financial sector (more specifically banks). Data loss resulted in over $2 billion in direct losses globally in 2012 as a result of over 2 million records being compromised. And that's only what was reported in public."
Indeed, the InfoWatch report said that, given companies in many Middle Eastern countries are not forced to disclose data leaks, the region could have lost much more as a result. One expert suspected that the Middle East could have lost billions all on its own, all because proper procedures were not put in place to ensure the safekeeping of data. But if companies really are losing so much due to data leakage, why are they not doing something about it?
"Businesses are lax because legislation is lax," says Miguel Braojos, Vice President of Sales for Southern Europe, the Middle East and Africa, SafeNet. "And although most of them are aware of the dangers of not protecting their data, few of them are actually implementing DLP. Their approach is more reactive than proactive."
That said, the high-profile attack on Saudi Aramco last year has jolted the region into action. Braojos says that some government and financial institutions in the region are beginning to adopt DLP solutions, as the consequences of data loss are more serious in these sectors. Kaspersky, meanwhile, says that Saudi Arabia is expected to invest $400 million in DLP over the next five years, and that InfoWatch's research shows similar interest in the technology across the region.
Sign up for CIO Asia eNewsletters.