Anand Kekre, the newly appointed Country Manager for Reconnex’s India operations talks to Biztech and shares his perspective on Data Leak Prevention (DLP) and the emerging trends in the space.

Just how mature a practice is Data Leak Prevention (DLP)?

In the recent years, external factors have fuelled a significant increase in interest by companies in Data Leak Prevention (DLP). Not only the government regulatory bodies, but investors as well, have begun to scrutinize companies' risk-management policies and procedures. I think, DLP is an ever evolving process as the business environment is always changing, throwing up new challenges and new risks.

Where do you think the greater threat lies, outside or on the inside?

Over the last few years organizations have focused on the bad guys outside and the protection of inside information was secondary. Now that the castle walls are high and protection is firm, organizations are starting to invest in technologies that can protect their information assets from disclosure. Analysts with Gartner estimate that 70 percent of all corporate security incidents that result in financial loss come from insiders exploiting their authority inappropriately, or sometimes just inadvertently.
According to the United States Commerce Department, Intellectual Property (IP) theft – one of the biggest risks – alone costs more that $250 billion per year to companies in the US. While IP protection is critical, so are privacy issues, and ensuring compliance with regulations.
Hence the corporate information needs to be protected throughout its lifecycle. Also, companies need to defend against the threats of Data Leakage at each stage of risk exposure – before it occurs, while it is happening, and after it has already taken place.

How have compliance mandates affected the outlook towards DLP?

Compliance has definitely been a driving force behind DLP adoption, but it is just one dimension to the risk. IP protection, particularly with globalization, has added another dimension to DLP. Failure to comply with regulations could result in fines, penalties, and even jail. But the leakage of Intellectual Property like trade secrets, source code, strategies could result in the complete loss of competitive edge in marketplace.

What are some of the other elements of an effective DLP strategy?

Automated DLP systems definitely would help organizations protect assets. However, it has been proven time and again that merely implementing leak prevention measures is not suffice and despite having the necessary preventative measures in place organizations have faced data leakage instances.
Several incidents in the past have produced compelling evidence against employee information leakage abuse. And hence, creating user awareness and education must form a part of any DLP strategy. In addition to this, since many data leakage incidents are inadvertent, business users also need to be taught how to handle information sensitive in nature.

Do you think that Indian enterprises realize the importance of DLP?

Indian companies are beginning to invest in DLP. However, it’s at a very nascent stage and I am yet to see serious adoption. In India regulatory compliance has not been as prevalent as in the US and some of the other parts of the globe. However, trends like globalization and outsourcing are expected to encourage Indian companies to take a more serious look at DLP and safeguard their privacy and enforce IP protection through such tools.