The first rule of DLP: know where your sensitive data is



A Ponemon Institute study released this week reported that only 16% of IT security professionals know where sensitive data is located on their organization’s computer systems – leaving the overwhelming majority left guessing where their data loss prevention efforts should be directed.

The study surveyed 1,587 IT security professionals whose jobs include helping protect sensitive or confidential structured and unstructured data – with only 7% of respondents knowing the location of all sensitive unstructured data, including in emails and documents.  As such, not knowing where their organization’s sensitive or confidential data is located was identified as the biggest worry for IT security professionals, eclipsing both hacker attacks and insider threats – and rightfully so!

It should go without saying that knowing where data is located should be a prerequisite for sound IT security but we know from our own experience that too often this isn’t the case. With the threat of data loss and cyber-attacks growing as an increasing number of criminals become digitally savvy organisations can little afford to be unsure where data is stored and where their efforts to protect it should be focussed. We’ve said it before, and we’ll no doubt say it again, the first phase of solid Data Loss Prevention is ultimately knowing where the data is.

The full story can be found here.