Nearly One Third of Organizations Are Struggling to Manage Cumbersome Data Loss Prevention (DLP) Environments, Cloud Security Alliance FindsMarch 16, 2023
The Cloud Security Alliance (CSA) released the Data Loss Prevention (DLP) and Data Security Survey Report. The survey, conducted in partnership with Netskope, a leader in Secure Access Service Edge (SASE), found that while DLP solutions are often an integral part of organizations’ data security strategy, companies are still struggling with the strategy and implementation of these solutions, and are in serious need of a more streamlined, cloud-ready approach to meet the demands of cloud-first environments.
The survey sought to better understand the industry’s knowledge, attitudes, and opinions regarding data protection in cloud-first technology, specifically the current DLP strategies companies are using, the pain points and challenges they’re encountering with these strategies, their concerns around remote workers as they relate to data security, and what types of security training they offer employees.
“Our research found that whether they are moving and sharing data through storage applications such as OneDrive or Dropbox or collaborating over Slack and Teams, organizations trust the cloud with their data. Even so, they’re having to cobble multiple solutions together in order to secure it. Our findings underscore the need for solutions that are easier to manage and that address current pain points, which include managing false positives and data governance,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.
Among the key findings:
- Cloud is the predominant means for transferring and sharing data. The most common way is via cloud storage applications (46%) such as OneDrive, Box, or Dropbox. Other common methods include cloud-to-cloud (39%), email (38%), or cloud collaboration and messaging applications (31%), such as Slack or Teams.
- Most organizations today use two or more DLP solutions. Seventy-two percent of respondents reported using at least two DLP solutions as a part of their DLP and data security strategy. As companies increase in size, so, too, does the number of DLP solutions-50 percent of large organizations (5,000-plus employees) report using at least three or more DLP solutions.
- Organizations struggle to manage their complex DLP environments. Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).
- Simplifying management is a top need for solving that complexity. Among the features respondents identified as being most desirable are unified policies and single console solutions (31%) to help with the management difficulty and deployment complexity; automatic updates (24%) to avoid additional manual work; and accurate detection (20%) to reduce the number of false positives.
“DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”
Other findings include:
- Seventy-four percent of organizations have taken a keen interest in implementing their own Zero Trust strategies, and 95 percent have included DLP solutions as a part of these strategies.
- Organizations’ top three security concerns are data breaches (28%), followed by employees’ lack of security awareness (22%), and compliance (18%).
- On average, 51 percent of respondents’ workforce is remote. Accordingly, their top security concerns surrounding these employees is that of limited network security (41%).
Despite the fact that 57 percent of respondents reported experiencing a security incident in the past year, 31 percent of organizations reported offering security training less than once annually to never. Those that do provide training prefer a combination of in-person and virtual security training (40%).
The survey, which was sponsored by Netskope, was conducted online by CSA in October and November 2022 and received 2,673 responses from IT and security professionals from organizations of various sizes and locations. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.