Performance and control problems in data leakage prevention

Data leakage, in the rawest form, refers to passing of data to such entities who were not supposed to have access to it.

With the ever increasing database of organizations, averting such leakages is a matter of major concern to companies. Devising and implementing ways to plug such holes of drawing information calls for sophisticated tools and software programmes as these may range from employees sending product plans to competitors to hospitals accidentally sending patient information to the wrong person to executives accidentally pressing the 'reply to all' button inadvertently to reveal the information about future acquisitions to third-parties. So, we need provisions to prevent both the "by-chance" and "deliberate" losing of data. KPIs aid in doing this.

KPIs can be summed-up in a balanced score card in various dimensions such as Risk Management (the parameters used may be-risk assessment, management involvement, audit trials and Physical and Environmental involvement), Security Controls (by assigning values to measures such as Compliance Level, Tracking Effectiveness, System Security Plans and Encryption), Authorized Processing (can be judged via Authorization, IATO, Background Screening and Interception Protection) and Data Integrity (can be evaluated by parameters like Virus Scan, Password Verification and logical Controls).

KPIs are a way of using both financial and non-financial factors to judge the performance of the organization in a particular direction. These are specific, measurable, actionable, relevant and time-bound. KPIs in the current reference would help the security experts in knowing what initiatives are being taken-up by a given company in abiding by the rules of keeping the information confidential and to what extent have they been successful. Also it would help the prospective clients in zeroing on the perfect partner to work with by taking one of the criteria as the data protection. One of the most important tasks, the protection of intellectual property and sensitive information (such as the customer files) is achieved by these quantifiable parameters.

With the increase in the pace of technological advancements have emerged the threats one has to face while dealing with the issue of protecting the heaps of data an organization gathers from various sources. Email, Internet and the intensifying use of removable storage devices have made it an easy task to leak restricted information, both intentionally and unintentionally. Even after the need for protecting information has been realized, implementation and administration of the expensive technological solutions is not always a cake-walk. Loss of data is both costly and embarrassing. However, one can combat such challenges by making the employees acquainted of the need and ways of keeping the information accessible to only the required bodies.

Importance of data protection cannot be taken for granted with the new ways of snatching information from the organization's database coming into picture. The security threats have to be given the deserving importance and means for addressing them need to be implemented in a timely and cost-effective manner. Though this is easier said than done, initiatives should come, from both the organization's and the employees' side or the end of the company may not be too far.