Most enterprises scan their inbound e-mail for unwanted content but too many still ignore outbound e-mails that could result in lost intellectual property as well as legal and compliance issues.
Compliance regulations mean that most large companies in the banking and financial sector have already got to grips with issues surrounding data leakage but other industry sectors have a lot of catching up to do, according to security firms.
Patrick Peterson, vice president of technology at e-mail security firm IronPort, told ZDNet Australia on Monday that US regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) have meant that companies in the banking and financial sector are leading the way. These regulations also impact upon any firms conducting business in the US or with American companies.
"Outside of the targeted verticals, those requirements are not very mature but you can hear the footsteps.
"I think in the next two years all major enterprises and certainly all publicly traded companies in the US -- and shortly after in the UK and Australia -- are going to have at least the basics for data leakage," said Peterson.
Paul Ducklin, head of technology in APAC for Sophos, said that part of the data leakage problem could be solved if companies took advantage of features already included in their e-mail scanning hardware and software.
"People buy gateway products to religiously and scrupulously scan their inbound mail but they don't bother doing the same thing to their outbound mail, which seems crazy.
"Considering your outbound mail volume is generally a lot less than your inbound mail -- unless you are a spammer -- the extra load of scanning your outbound mail is almost irrelevant," he said.
This was also the view of Nick Hawkins, vice president of sales in APAC at Marshal, who claims that allowing the wrong information out of the corporate network could be more damaging than letting malware in.
"If you get hit by a virus then yes, it is going to impact you but it isn't the end of your business. However, if you are sending out company assets, that can have a massive impact," said Hawkins.
IronPort's Peterson said that administrators could start preparing for change by monitoring the types of files going through the network perimeter and scanning documents for phrases and terms that could potentially cause data leakage.
"How many executables are leaving? How many Word documents with [sensitive terms] are leaving? Who is sending them? You don't want to block any of it and don't want to tell the auditors and compliance group yet but you do want to be prepared," said Peterson.
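The monitor-only audit Peterson describes can be sketched as follows. This is an added example, not code from IronPort or the article: it tallies outbound attachments per sender without blocking anything. The term list, the function names, the `MZ` magic-byte test for executables and the restriction to `.docx` (not legacy `.doc`) are all assumptions, and the messages are constructed sample data.

```python
import io, re, zipfile
from collections import Counter
from email import message_from_bytes, policy
from email.message import EmailMessage

SENSITIVE_TERMS = ("confidential", "internal only")  # assumed watch list

def docx_text(data):
    """Lowercased text of a .docx (zip holding word/document.xml); '' if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            xml = z.read("word/document.xml").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return ""
    return re.sub(r"<[^>]+>", " ", xml).lower()

def classify(name, data):
    """Check content before name, so a renamed executable is still counted."""
    if data[:2] == b"MZ":  # DOS/PE header magic
        return "executable"
    if name.lower().endswith(".docx"):
        return "word+terms" if any(t in docx_text(data) for t in SENSITIVE_TERMS) else "word"
    return "other"

def audit(raw_messages):
    """Monitor only: tally (sender, class) per attachment; nothing is blocked."""
    tally = Counter()
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        for part in msg.iter_attachments():
            kind = classify(part.get_filename() or "", part.get_content())
            tally[(str(msg["From"]), kind)] += 1
    return tally

def sample(sender, name, data):  # builds constructed test mail, not real traffic
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "partner@example.net", "files"
    m.set_content("see attached")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

def docx(body):  # minimal constructed .docx container with one run of text
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f"<w:document><w:t>{body}</w:t></w:document>")
    return buf.getvalue()

SAMPLES = [sample("alice@example.com", "plan.docx", docx("Confidential roadmap")),
           sample("alice@example.com", "notes.docx", docx("Lunch menu")),
           sample("bob@example.com", "photo.jpg", b"MZ\x90\x00constructed")]
```

Calling `audit(SAMPLES)` returns a counter keyed by sender and attachment class, which answers the three questions in the quote: how many executables, how many Word documents with watched terms, and who sent them.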