Serial layoffs, the growing ranks of unemployed and a precarious job market have taken their toll in many ways – not the least of which is by putting an organization’s sensitive IP data at risk.
In fact, employees not only think it is acceptable to take and use IP when they leave a company, but they often uphold a belief that their employers don’t care, according to a recent Symantec Corp survey. One of the most significant findings is that half of employees who either left or lost their jobs over the last 12 months kept confidential corporate data, while 40 percent said they planned on leveraging that pilfered data in their new jobs.
“Companies cannot focus their defenses solely on external attackers and malicious insiders who plan to sell stolen IP for monetary gain. The everyday employee, who takes confidential corporate data without a second thought because he doesn’t understand it’s wrong, can be just as damaging to an organization,” said Lawrence Bruhmuller, Symantec vice president of engineering and product management.
Less than half (47 percent) of respondents maintain that their organization takes action when employees abscond with sensitive information. And 68 percent of employees contend that their organization does nothing to ensure that employees don’t use confidential competitive information from third parties.
Other survey highlights include:
- 62 percent say that it is acceptable to transfer work documents to persona computers, tablets or smartphones, while the majority of workers never delete that data
- 56 percent of respondents don’t believe it’s a crime to use competitors’ trade secret information
- 44 percent of employees believe a software developers who creates source code for a company has some ownership in their and inventions, while 42 percent don’t believe it’s crime to reuse the source code, without permission, in projects for other firms.
- Only 38 percent of employees say their manager views data protection as a business priority, and 51 percent think it is acceptable to take corporate data because their company does not strictly enforce policies.
Among other things, the findings open up opportunities for solution providers to revisit strategies around data protections with customers, especially what is typically considered an organizations’ crown jewels – its intellectual property.
Initially that could lead to a broad spectrum of partner-led education services designed to raise employee acumen around IP and data loss policies and best practices. And it could also open doors for partners around policy creation and development, with a specific focus on enforcement of NDAs and regulations that protect IP.
But moreover the findings set the stage for the channel to refocus efforts on developing robust data protection policies bolstered with security defenses that include data loss prevention, monitoring, analytics and risk management solutions.
And with the study, Symantec is likely giving its DLP and risk management solutions an added boost. Among the key areas in last month’s sweeping overhaul — dubbed Symantec 4.0 — the Mountain View, Calif.-based security company maintained it would focus particular attention to information security services as well as identity and content-aware security gateway solutions and cloud-based information management.
Symantec’s projected product investments seem to align with forecasts that estimate that the data loss prevention market will grow at a CAGR of 17.5 percent between 2011 and 2015, driven by the convergence of multiple solutions, as well as increasing demand for SaaS-based DLP.
That, in turn, gives partners a little more wiggle room to invest further data protection solutions and get creative when building out related services down the road.
Leave a Reply