New DLP survey reveals burden of legacy solution limitations and false positives
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the Data Loss Prevention (DLP) and Data Security Survey Report. The survey, conducted in partnership with Netskope, a leader in Secure Access Service Edge (SASE), found that while DLP solutions are often an integral part of organizations’ data security strategy, companies are still struggling with the strategy and implementation of these solutions, and are in serious need of a more streamlined, cloud-ready approach to meet the demands of cloud-first environments.
The survey sought to better understand the industry’s knowledge, attitudes, and opinions regarding data protection in cloud-first technology, specifically the current DLP strategies companies are using, the pain points and challenges they’re encountering with these strategies, their concerns around remote workers as they relate to data security, and what types of security training they offer employees.
“Our research found that whether they are moving and sharing data through storage applications such as OneDrive or Dropbox or collaborating over Slack and Teams, organizations trust the cloud with their data. Even so, they’re having to cobble multiple solutions together in order to secure it. Our findings underscore the need for solutions that are easier to manage and that address current pain points, which include managing false positives and data governance,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.
Among the key findings:
- Cloud is the predominant means for transferring and sharing data. The most common way is via cloud storage applications (46%) such as OneDrive, Box, or Dropbox. Other common methods include cloud-to-cloud (39%), email (38%), or cloud collaboration and messaging applications (31%), such as Slack or Teams.
- Most organizations today use two or more DLP solutions. Seventy-two percent of respondents reported using at least two DLP solutions as a part of their DLP and data security strategy. As companies increase in size, so, too, does the number of DLP solutions—50 percent of large organizations (5,000-plus employees) report using at least three or more DLP solutions.
- Organizations struggle to manage their complex DLP environments. Among the top challenges cited by organizations are management difficulties (29%), too many false positives (19%), the need for manual version upgrades (18%), and deployment complexity (15%).
- Simplifying management is a top need for solving that complexity. Among the features respondents identified as being most desirable are unified policies and single console solutions (31%) to help with the management difficulty and deployment complexity; automatic updates (24%) to avoid additional manual work; and accurate detection (20%) to reduce the number of false positives.
“DLP solutions are an integral part of organizations’ data security strategy, but leaders are still struggling with this strategy and the implementation of solutions, especially for how complicated legacy and on-prem based solutions are to manage and maintain,” said Naveen Palavalli, Vice President of Products, Netskope. “These findings highlight the need for a comprehensive and easy-to-use cloud delivered data protection solution that integrates into their existing security controls and is a key tenant of their Zero Trust security strategy.”
Other findings include:
- Seventy-four percent of organizations have taken a keen interest in implementing their own Zero Trust strategies, and 95 percent have included DLP solutions as a part of these strategies.
- Organizations’ top three security concerns are data breaches (28%), followed by employees’ lack of security awareness (22%), and compliance (18%).
- On average, 51 percent of respondents' workforce is remote. Accordingly, their top security concerns surrounding these employees is that of limited network security (41%).
Despite the fact that 57 percent of respondents reported experiencing a security incident in the past year, 31 percent of organizations reported offering security training less than once annually to never. Those that do provide training prefer a combination of in-person and virtual security training (40%).
The survey, which was sponsored by Netskope, was conducted online by CSA in October and November 2022 and received 2,673 responses from IT and security professionals from organizations of various sizes and locations. CSA research prides itself on vendor neutrality, agility, and integrity of results. Sponsors are CSA Corporate Members who support the findings of the research project but have no added influence on the content development or editing rights to CSA research.
About Netskope
Netskope, a global SASE leader, is redefining cloud, data, and network security to help organizations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230315005367/en/
Contacts
Kristina Rundquist
ZAG Communications for CSA
kristina@zagcommunications.com