Data leakage as much a physical and behavioral problem as network issue 30 September, 2008 By Chris Talbot

PromoPipeline Exclusive Channel Promotions Find Out How You Can Make Money Today! ENROLL FREE! >> Factory Direct Should Not be Cheaper William Vanderbilt - Innovative Learning Channels Cloud Ecosystem II: A Candid Conversation with Oracle Beth Vanni - Amazon Consulting Cloud Ecosystem: A Candid Conversation with Rackspace Hosting Beth Vanni - Amazon Consulting Channel Manager Compensation William Vanderbilt - Innovative Learning Channels Financial Expertise William Vanderbilt - Innovative Learning Channels

The survey, conducted by InsightExpress, was designed to examine data loss and data leakage, as well as to get a better understanding of what causes them to happen. InsightExpress surveyed 1,000 IT professionals and 1,000 employees from 10 countries, including the U.S., the U.K., France, Germany, Italy, Japan, China, India, Australia and Brazil.

While technology can help to solve the problem of data loss/leakage, it doesn't even begin to address the behavioral and cultural problems that the study found. For instance, when asked if they had ever altered the security settings on their work computers, one in five employees said they had done so to access unauthorized Web sites. This was most common in emerging markets like Brazil, China and India.

There have been a lot of companies in those three markets moving towards using PCs in recent years, and they didn't go through the huge virus outbreaks experienced in other countries about seven or eight years ago, said Marie Hattar, vice president of network systems and security solutions marketing at Cisco Systems.

"Those of us who have had computers around a little bit longer are a bit more cautious," Hattar said. Workers in Brazil, China and India have not necessarily been educated on the ramifications of their actions, she said.

When IT professionals were asked if they had had to deal with employees gaining unauthorized access to the network or to physical areas, about 45 per cent said "yes."

"This happens fairly regularly," Hattar said.

The industry has made data loss/leakage about network security, but it's just as much of a physical security problem as a network security issue, Hattar explained. For instance, it's not uncommon for employees to open a door to an authorized area and then hold the door open for someone else wanting to enter. While it may seem polite (and in some cultures, it would be a loss of face not to do so), it opens up physical security issues that can be corrected with behavioral changes.

"To truly provide a complete data loss or data leakage prevention solution, you have to take into account not just the network security piece but also the physical security piece," Hattar said.

Employees sharing sensitive information with friends and family is also a key issue, with emerging markets once again being the most problematic geographic areas.

"What it highlights is this data leakage area is a key opportunity for channel partners to work with customers and help them put in some holistic strategies," Hattar said.

Deployment and maintenance of the technology is important, but channel partners can also build a consultative aspect into their security practices, she said.

"The partners who actually do invest and create a practice around security want to offer a consultative aspect [to customers]," said Susan Don, director of channel business development at Cisco Systems.