Implementing or improving Data Leakage Prevention (DLP) technologies is the second-highest security priority in the coming 12 months.
When considering how organizations are leveraging new technologies, there are two distinct aspects related to information security that should be examined: 1. Which technologies are organizations implementing to improve their informationsecurity programs? 2. What are organizations doing to address the risks that are inherent with the introduction of new technologies? Our survey results provide an insight into how technology can have both a positive and negative effect on information security.
Data leakage protection
Due to increasing and new risks organizations are facing, data protection is now top of mind for manyinformation security leaders. Implementing or improving data leakage prevention (DLP) technologies is the second-highest security priority in the coming 12 months, identified by 40% of respondents as one of their top three priorities. Implementing DLP technologies is now a higher priority for many organizations than both security awareness training (39%) and regulatory compliance (27%). Improvinginformation security risk management (47%) was the only priority that topped DLP technologies from an overall perspective, but more respondents (19%) selected DLP as their first priority for the next year. It is also worth noting that 90% of respondents plan on spending relatively the same (47%) or more (43%) over the next year on implementing or improving DLP technologies and processes. Please indicateyour top three security priorities for the coming 12 months?
Improving information security risk management Implementing/improving DLP technologies and processes Internal security awareness and training Regulatory compliance Performing security testing 4% Risk management Implementing/improving IAM technologies and processes Implementing standards Implementing virtualization technologies
6% 8% 7%8% 11% 11% 8% 8% 6% 7% 5% 7% 9% 12% 8% 6% 6% 6% 16% 19% 14% 7% 17% 12% 14% 9% 14%
Implementing/improving secure development processes 2% 5% Stafﬁng 2% 2% 3%
Shown: percentage of respondents
Outpacing change: Ernst & Young’s 12th annual global information security survey
DLP tools will be the leading security technology implementedover the next year. According to our survey results, 50% of respondents are at some stage of the evaluation and implementation process; 22% have planned an implementation within 12 months; and another 28% are currently evaluating the technology. However, it isn’t just DLP technology being implemented to protect data. Of the top information security technologies planned for implementation in thecoming 12 months, most are also related to this objective, including: encryption of portable media (19%), laptop encryption (17%) and email encryption (15%) and identity and access management (IAM) products (15%). When we look at the information security technologies that are currently in use by our survey respondents, we find that three of the top five are also aimed at protecting sensitive data:content monitoring and filtering tools (69%), laptop encryption (41%), and email encryption (35%). Which of the following security technologies are used or have been identified for use by your organization?
Data leakage prevention tools Encryption of portable media Laptop encryption Governance, risk and compliance tools Email encryption IAM products Enhanced authentication (802.1x, tokens)Desktop encryption Digital rights management Content monitoring and ﬁltering tools Physical and logical security convergence
24% Currently using 9% 15% 14% 25% 25% 41% 36% 35% 31% 49% 12% 10% 69% 26% 34% 31% 17% 15% 15% 22% 19% 17% 28% 29% 23% 24% 25% 25% 12% 18% 39% 45% 9% 10% 41% Under evaluation Not using 12% 25% 27% 19% 23% 25% 29% 21%
Few companies are encrypting their laptops. Only 41% of...