DATCHET, England, April 29, 2010 /PRNewswire/ -- CA , the world's leading independent provider of IT management software, today announced the results of a European IT security study revealing that 64% of UK organisations have not deployed Data Loss Prevention (DLP) technology. This ranks the UK behind countries such as France (only 23%), Ireland (50%), and Italy (60%). Without taking the necessary steps to identify sensitive data throughout the enterprise and protect it from loss or misuse, there is the risk of severe consequences for non-compliance, potential damage to the brand reputation, and reduced competitiveness.

According to the study, IT departments across the UK are struggling to deal with compliance issues, such as the Payment Card Industry Data Security Standard (PCI DSS) and the ISO 27001 information security standard. Surprisingly, they are unaware of how technology could help and many are unable to convince the business of the inherent risks to justify the required investment. This is despite the fact many UK organisations expect data privacy and national security to be the two areas of regulation that will impact them the most in the next five years.[iii][iii]

With more organisations adopting cloud computing to process and store data on an infrastructure managed by third parties, the need to apply security policies at the data level is stronger than ever. The CA survey highlights that IT security is a key factor in enabling the use of cloud computing among UK organisations[iv][iv]. DLP tools help with understanding the sensitivity of data and enable real time decisions to be made about what is and is not allowed to be processed and stored in each cloud environment. Employees should not be expected to understand all the issues, and may be completely unaware that copying a document from one location to another is moving it from an internally managed to a third party infrastructure.

A lack of time, a 'lack of compliance vision', and scarce resource availability[v][v] mean that IT managers find it difficult to address many compliance issues. All of these problems would easily be solved if organisations could track and control their data more effectively. However, it would not appear to be a priority: the research reveals that 'tracking the use of data' is believed to be less of a hindrance to compliance among UK organisations.

Those charged with managing IT security are most concerned about the activities of external users[vi][vi]. They are also concerned about the compromise of sensitive data, internet use, and the activities of internal users. All of these are linked: it is the sharing of data between users (often over the internet) that is behind many of the well publicised incidents involving the loss of sensitive data.

To be effective, a COA requires three fundamental elements in place. First, identity and access management (IAM) solutions which allow organisations to understand people, their roles and responsibilities, and to define and enforce their privileges. However, only 27% of UK organisations have a full IAM system in place. Second, a COA requires the ability to locate and classify data-52% of respondents say they have a system in place. The third element required to support a COA is a way to enforce policies that link people's roles to the use of that data. Many Data Loss Prevention tools automate the second and third elements-albeit to varying degrees. And as indicated earlier, 36% of UK organisations are currently using DLP technology.

Besides providing the capability to accurately discover and classify data, this identity-centric approach also helps police its use in a business context: enabling the monitoring and inspection of information, while enforcing pre-defined policies depending on the rights of the individual concerned. Ultimately, organisations need the ability to strike the right balance between effectively protecting their critical information from abuse, while adopting flexible security measures that enable users to perform at their best.

DLP tools are also increasingly being used for information control purposes, especially as regulators continue to take more heavy touch enforcement actions in an effort to achieve more credible discipline and deterrence. For example, the Information Commissioner's Office was granted the power to issue large penalties, which are designed to act as a deterrent and to promote compliance with the Data Protection Act. This succeeds in further raising the need for ownership to the board level.

The survey findings, provide clear and timely evidence that UK organisations require DLP technology in order to effectively support their compliance requirements, protect their brand value, and maximise competitiveness, says Simon Godfrey, Director, Information Security, Risk and Compliance, CA. As network perimeters continue to blur, it is clear that security needs to be applied to the data throughout its lifecycle. Information needs to be understood with policies applied to enforce who can use it and how.

He added, Linking DLP with IAM provides the right combination to achieve this: allowing organisations to discover, monitor, and control critical information wherever it is located, while ensuring that the information is only used by the right individuals in the right way and according to their roles and privileges. In essence, with the proliferation of sensitive information across enterprises, this combination enables a much-need practical approach for applying the principle of least privilege.

Bob Tarzey, Analyst and Director, Quocirca Ltd. comments, Recent high profile data breaches demonstrate that electronically-stored data is often insufficiently cared for. This failure to protect data is costly, not least because of the level of fines now being imposed by regulators. On top of this there is the reputational damage and loss of competitive advantage that usually ensue. The technology exists today to link the use of data to people through enforceable policies. This allows a compliance-oriented architecture to be put in place based on widely accepted information security standards, such as ISO27001. Doing this enables UK organisations to allow the safe sharing of information-both internally and externally-ensuring both the continuity of business processes and good data governance.

Survey Methodology

The research for You sent what? Linking identity and data loss prevention to avoid damage to brand, reputation, and competitiveness was conducted by Quocirca, a primary research and analysis company specialising in the business impact of ICT. A total of 270 interviews in 14 countries-including Belgium, Denmark, Germany, Finland, France, Ireland, Israel, Italy, the Netherlands, Norway, Portugal, Spain, Sweden, and the UK-were conducted in the second half of 2009. The interviews were with IT Directors, Senior IT Security Managers, and other IT Managers in four vertical sectors: telecommunications media, manufacturing, financial services, and government.

To download a copy of the survey report, please visit http://www.ca.com/gb/mediaresourcecentre

About CA

CA , the world's leading independent IT management software company, helps customers optimise IT for better business results. CA's Enterprise IT Management solutions for mainframe and distributed computing enable Lean IT-empowering organisations to more effectively govern, manage and secure their IT operations. For more information, visit www.ca.com.

About Quocirca

Quocirca is a leading primary research and analysis company, specialising in the impact emerging and evolving technologies have on businesses of all sizes. Based in the UK, Quocirca's primary research reach is world-wide, investigating, analysing and reporting on the perception of decision makers and influencers in the end user environment around technologies within their businesses.

EMEA Media Resource Centre

CA has setup a new online library, the EMEA Media Resource Centre where will find numerous press related documents that are sorted by current topics. You'll find abstracts for various bylined articles, background documents or top ten lists. For more information please visit http://ca.com/gb/mediaresourcecentre

Trademarks

Copyright (c) 2010 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Lisa Stassoulli +44(0)1753 241372 Lisa.stassoulli@ca.com

SOURCE: CA

CONTACT: Lisa Stassoulli, +44(0)1753 241372, Lisa.stassoulli@ca.com