Your SlideShare is downloading. ×
Proofpoint Outbound/DLP Survey Results
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Proofpoint Outbound/DLP Survey Results

1,237
views

Published on

In its seventh annual study of outbound email and data loss prevention issues, Proofpoint Inc. found that email continues to be the number one source of data loss risks in large enterprises as more …

In its seventh annual study of outbound email and data loss prevention issues, Proofpoint Inc. found that email continues to be the number one source of data loss risks in large enterprises as more than a third (35%) investigated a leak of confidential or proprietary information via email in the past 12 months. At the same time, the number of data loss events associated with social media channels continued to increase. Employee misuse of email, work-owned mobile devices, and popular social media tools including Facebook, LinkedIn, Twitter, video sharing sites, forums and blogs resulted in an increasing number of disciplinary actions—including termination—as enterprises demonstrate increasing concern about securing sensitive data.


0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,237
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
50
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Research Results: Outbound Email and DLP Survey, 2010 Keith Crosley Director of Market Development Proofpoint Michael Osterman Analyst and Principal Osterman Research Proofpoint, Inc. Proprietary and Confidential ©2010 1
  • 2. Agenda About Proofpoint and Our 2010 Survey Levels of Concern and Risky Content Frequency of Data Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 2
  • 3. Proofpoint: Cloud-Enabled Email Solutions 4000 Leading email security, compliance & Customers archiving solutions for complex organizations Enterprise-class protection for lowest email risk & cost-of-ownership Industry leadership Leaders Quadrant, Fastest Growing Best Buy, 5 Stars SEG Magic Quadrant Messaging Security (2009, 2010) (2008 & 2010) (2008) Proofpoint, Inc. Proprietary and Confidential ©2010 3
  • 4. About our Seventh Annual Survey: Goals Quantify the risks related to outbound messaging Raise awareness of policy, technology and cultural issues Understand technology adoption trends Special topics • Social media risks in the enterprise • Data loss and the economy Proofpoint, Inc. Proprietary and Confidential ©2010 4
  • 5. About our Seventh Annual Survey: Respondents Survey of 261 email technology/policy decision makers Companies with 1000 or more employees: • 190 with 1000 – 5000; 45 with 5001 – 20,000; 26 with 20,000+ • 139 private, 122 publicly-traded Key roles • 46% Director or manager of IT • 21% CIO, CTO or senior-most IT executive • 12% director or manager of messaging/email systems Email systems • 98% have on-premises email system (Exchange 2007, 2003 and 2010 most common) • 31% have a SaaS email system (Exchange 2007, 2010 most common) Proofpoint, Inc. Proprietary and Confidential ©2010 5
  • 6. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events • What are IT pros most worried about? • What are the most common types of data loss events? Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 6
  • 7. Data Loss/Exposure is not Rare 0% 10% 20% 30% 40% 50% 60% 36% Exposure of sensitive or 36% embarrassing information 30% 47% 31% Improper exposure or theft 33% of customer information 30% 13% 29% Overall (n=261) 1000-5000 employees (n=190) Improper exposure or theft 32% 5001-20,000 employees (n=45) of intellectual property 18% >20,000 employees (n=26) 27% 20% Ordered by a court or regulatory body 14% to produce employee email 27% 54% Proofpoint, Inc. Proprietary and Confidential ©2010 7
  • 8. Poll #1 Was your organization negatively impacted by the improper exposure of confidential information in the past 12 months? • Yes • No • Don’t Know Proofpoint, Inc. Proprietary and Confidential ©2010 8
  • 9. Levels of Concern about Various Data Loss Conduits 0% 10% 20% 30% 40% 50% 60% 70% Physical loss: Laptops, smartphones and other devices 64% Web-based email (e.g., Hotmail, Gmail) 60% Email sent from mobile devices 56% Email sent from organization’s SMTP email system 55% Postings to blogs and message-boards 54% Posts to social networking sites (e.g., Facebook, MySpace, LinkedIn, etc.) 53% Posts to media sharing sites (e.g., YouTube, etc.) 52% Short messages (e.g., SMS, MMS) sent from mobile devices 51% Messages sent via Web-based short messaging… 51% Instant Messaging (IM) applications 50% FTP (File Transfer Protocol) 49% Peer-to-peer (P2P) networks 46% Proofpoint, Inc. Proprietary and Confidential ©2010 9
  • 10. Data Loss Events: Email, Blogs, Devices, Employee Termination 0% 10% 20% 30% 40% 50% 60% 35% Investigated a suspected leak of 30% confidential or proprietary information via email 44% 54% 32% Investigated a suspected violation of 32% privacy or data protection regulations related to email 27% 38% 25% Investigated the exposure of confidential, sensitive 24% or private information via a blog or message board 24% posting 35% 22% Investigated the exposure of confidential, sensitive or 21% private information via lost or stolen mobile devices 22% or storage media Overall (n=261) 27% 1000-5000 employees (n=190) 21% 5001-20,000 employees (n=45) Investigated a suspected leak or theft of confidential 21% or proprietary information associated with an >20,000 employees (n=26) 18% employee leaving the company 27% Proofpoint, Inc. Proprietary and Confidential ©2010 10
  • 11. Data Loss Events: Social Media 0% 10% 20% 30% 40% 50% 60% 20% Investigated the exposure of confidential, sensitive 21% or private information via a posting 18% to a social networking site 23% 18% Investigated the exposure of confidential, sensitive 20% or private information via video or audio media 11% posted to a media sharing site 19% Investigated the exposure of material financial 18% information 18% (such as unannounced quarterly results or significant 11% deals) via a blog or message board posting 23% 17% Overall (n=261) Investigated the exposure of confidential, sensitive 17% 1000-5000 employees (n=190) or private information via short message service 5001-20,000 employees (n=45) 16% (e.g., SMS, MMS, Twitter) 15% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 11
  • 12. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media • Top outbound email concerns • How much email contains risky content? • Four types of risky content in email and IM/social media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 12
  • 13. Top Outbound Email Concerns 1 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 74% Ensuring compliance with 76% financial disclosure or 67% corporate governance regulations 73% 72% Protecting the confidentiality of 74% personal identity and financial information 56% 85% 71% Ensuring that email cannot be used 74% to disseminate company trade secrets 56% or valuable intellectual property 73% 71% Ensuring that email cannot be used 75% to disseminate confidential 55% internal memos 69% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 13
  • 14. Top Outbound Email Concerns 2 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 67% 70% Ensuring compliance with internal corporate email policies 56% 62% 63% Monitoring email for offensive 70% or otherwise inappropriate content and attachments 49% 38% 61% 66% Protecting the confidentiality of private healthcare information 38% 62% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 14
  • 15. As Many as 1 in 5 Emails Contains Risky Content “What percentage of email sent from your organization contains content that poses a legal, financial or regulatory risk?” • Mean (average) answer: 20% • Median answer: 10% • 19% of respondents “didn’t know” Proofpoint, Inc. Proprietary and Confidential ©2010 15
  • 16. Risky Content in Email 0% 5% 10% 15% 20% 25% 30% 35% 40% 32% 31% Adult, obscene, or potentially 19% offensive content 12% 7% 20% 34% Confidential or proprietary business 24% information about your organization 12% 9% 25% Valuable intellectual property or 28% trade secrets that should not 24% leave the organization 14% 9% Almost Never Less Common 26% Personal healthcare, financial Neutral 25% or identity data Common 22% that may violate privacy and Very Common 17% data protection regulations 10% Proofpoint, Inc. Proprietary and Confidential ©2010 16
  • 17. Risky Content in IM and Social Media 0% 5% 10% 15% 20% 25% 30% 35% 40% 36% 22% Adult, obscene, or potentially 23% offensive content 13% 7% 32% 25% Confidential or proprietary business 22% information about your organization 13% 8% 33% Valuable intellectual property or 26% trade secrets that should not 20% leave the organization 12% 9% 34% Personal healthcare, financial 21% Almost Never or identity data 20% Less Common that may violate privacy and 17% Neutral data protection regulations 9% Common Very Common Proofpoint, Inc. Proprietary and Confidential ©2010 17
  • 18. Importance of Reducing Outbound Email Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 37% 43% Very important 20% 23% 33% 31% Important 36% 46% 16% 13% Somewhat important 27% 19% 3% 3% Somewhat unimportant 5% 4% 8% 8% Overall (n=261) Very unimportant 5% 1000-5000 employees (n=190) 8% 5001-20,000 employees (n=45) 2% 1% >20,000 employees (n=26) Unimportant 7% 0% 1% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 18
  • 19. Importance of Reducing Outbound HTTP Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 30% 33% Very important 18% 23% 37% 37% Important 42% 31% 19% 17% Somewhat important 22% 31% 6% 5% Somewhat unimportant 9% 4% 2% 1% Overall (n=261) Unimportant 2% 1000-5000 employees (n=190) 4% 5001-20,000 employees (n=45) 7% 6% >20,000 employees (n=26) Very unimportant 7% 8% 0% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 19
  • 20. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions • Prohibited activities • Adoption of acceptable use and other policies • Discipline and termination for policy violations How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 20
  • 21. Prohibited Activities 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 63% Prohibit use of P2P 58% file-sharing sites 80% 81% 53% 53% Prohibit use of Facebook 63% 38% 53% Prohibit use of media-sharing 49% sites (e.g., YouTube) 60% 67% 49% 47% Prohibit use of Twitter 60% 38% 40% Prohibit use of personal 40% Webmail 43% Overall (n=261) 33% 1000-5000 employees (n=190) 39% 5001-20,000 employees (n=45) Prohibit personal use 40% >20,000 employees (n=26) of the Web 35% 38% Prohibit personal use of 38% 42% corporate email during 28% company time 24% 31% 32% Prohibit use of LinkedIn 38% 10% Proofpoint, Inc. Proprietary and Confidential ©2010 21
  • 22. Adoption of Acceptable Use Policies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 94% 94% Acceptable use policy for email 96% 92% Web surfing policy 86% focused on 85% potential time wasted 91% by employees 85% 83% Web surfing policy 82% focused on 89% potential data loss 81% 81% 83% Social networking policy 73% 81% 80% Acceptable use policy for blog 82% and/or message board postings 73% 73% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 22
  • 23. Additional Email Policies Is Your Organization at Risk? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 86% 85% Email retention policy 89% 92% 82% 85% Acceptable encryption policy 80% 65% 80% 80% Automatically forwarded email policy 79% 83% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 23
  • 24. Formal Policy Training Are Employees Equipped to Understand Your Policies? 0% 10% 20% 30% 40% 50% 60% 70% 55% Conducted a formal training 58% about the organization's email security policies 60% 31% 42% Conducted a formal training 45% about external regulations that apply email use 42% 15% 31% Conducted a formal training 38% Overall (n=261) about Web/social media security and acceptable use policies 16% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 12% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 24
  • 25. Discipline & Termination: Email & Blog Violations 0% 10% 20% 30% 40% 50% 60% 70% 50% Disciplined an employee for 52% violating email policy 38% 58% 20% Terminated an employee for 21% violating email policy 11% Overall (n=261) 31% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 24% Disciplined an employee for 26% violating blog/message board policy 16% 19% 11% Terminated an employee for 13% violating blog/message board policy 4% 12% Proofpoint, Inc. Proprietary and Confidential ©2010 25
  • 26. Discipline & Termination: Media Sharing & Social Media 0% 10% 20% 30% 40% 50% 60% 70% 21% Disciplined an employee for 23% violating media sharing/posting policy 16% 15% 9% Terminated an employee for 10% violating media sharing/posting policy 7% Overall (n=261) 8% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 20% Disciplined an employee for 22% violating social networking policy 11% 15% 7% Terminated an employee for 9% violating social networking policy 0% 8% Proofpoint, Inc. Proprietary and Confidential ©2010 26
  • 27. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? • Manual processes and technology adoption • The economy and data loss risk • SaaS and email security investment priorities Proofpoint, Inc. Proprietary and Confidential ©2010 27
  • 28. Reducing Data Loss Risks: Manual Processes 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 37% 38% Employ staff that monitors outbound email content 29% 38% 33% Overall (n=261) 34% 1000-5000 employees (n=190) Employ staff whose primary or exclusive job function is to read or otherwise analyze outbound email content 5001-20,000 employees (n=45) 23% >20,000 employees (n=26) 38% 48% 51% Perform regular audits of outbound email content 36% 48% Proofpoint, Inc. Proprietary and Confidential ©2010 28
  • 29. Poll #2 Are there employees in your organization tasked with reading or analyzing the contents of outbound email? • Yes • Yes – and that person is me • No • Don’t know Proofpoint, Inc. Proprietary and Confidential ©2010 29
  • 30. Reducing Data Loss Risks: Outbound Email Scanning Technologies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 40% Technology solution that detects 44% protected health information in outbound email 27% 38% 39% Technology solution that detects private personal 40% or financial information in outbound email 33% Overall (n=261) 46% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 42% >20,000 employees (n=26) Technology solution for automatic encryption 43% of messages based on content & policies 41% 38% 36% Technology solution for detecting 39% intellectual property in outbound email 22% 38% Proofpoint, Inc. Proprietary and Confidential ©2010 30
  • 31. Reducing Data Loss Risks: Web Monitoring, Archiving, Outbound Spam 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 39% 43% Technology solution for monitoring content in webmail and other HTTP traffic 27% 38% 54% Overall (n=261) 55% 1000-5000 employees (n=190) Technology solution for email archiving 5001-20,000 employees (n=45) 52% >20,000 employees (n=26) 48% 65% 63% Technology solution for detecting spam or malware in outbound email 60% 85% Proofpoint, Inc. Proprietary and Confidential ©2010 31
  • 32. The Economy Continues to Have a Negative Impact on Data Protection 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 58% Budget constraints have negatively 59% impacted my organization’s ability to protect confidential, proprietary 59% or sensitive information 50% 53% IT staff reductions have negatively 54% impacted my organization's ability to protect confidential, proprietary 51% and sensitive data 50% 48% Increasing number of layoffs in 51% Overall (n=261) my organization has created an 1000-5000 employees (n=190) increased risk of data leakage 44% 5001-20,000 employees (n=45) 36% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 32
  • 33. Do SaaS and Cloud Computing Increase Data Loss Risks? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 49% Overall (n=261) The trend toward using SaaS and 1000-5000 employees (n=190) 49% cloud computing solutions in the 5001-20,000 employees (n=45) enterprise seriously increases the 50% >20,000 employees (n=26) risk of data leakage 44% 31% of companies have a SaaS messaging system 52% say they have deployed a SaaS solution for inbound email scanning • Additional 17% will “definitely” do so in the future • Additional 18% “might” 31% say they have deployed a SaaS solution for outbound DLP/compliance scanning • Additional 19% will “definitely” do so in the future • Additional 17% “might” Proofpoint, Inc. Proprietary and Confidential ©2010 33
  • 34. Email Security Investment Priorities Over the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 32% 36% Improving the ability to manage 21% eDiscovery in email 7% 3% Improving the ability to prevent 30% 36% sensitive content from leaving the 20% organization through email 8% in an unauthorized manner 7% 41% 25% Improving malware detection 21% and prevention 9% 4% 35% 30% Improving spam filtering 23% 7% 5% 25% Improving the ability to manage 38% eDiscovery for non-email 24% electronic content 8% Very High Priority 5% High Priority 25% Neutral 33% Improving employee self-service Low Priority 26% to archived email 8% Very Low Priority 8% Proofpoint, Inc. Proprietary and Confidential ©2010 34
  • 35. Q&A / Next Steps Attend a Live Proofpoint Demo Session Thursdays at 2:00 pm ET / 11:00 am PT Register today at www.proofpoint.com/livedemo For questions or more information contact us at: webinars@proofpoint.com, 408-517-4710 proofpoint.com/facebook proofpoint.com/twitter blog.proofpoint.com Proofpoint, Inc. Proprietary and Confidential ©2010 35
  • 36. Webinar Survey Enter to Win a Netbook! We value your opinion. Attendees of today’s webinar who complete the survey at the end of the presentation (within 10 minutes) will be entered to win a Netbook! Proofpoint, Inc. Proprietary and Confidential ©2010 36