SlideShare uma empresa Scribd logo

Proofpoint Outbound/DLP Survey Results

S
shapetech

In its seventh annual study of outbound email and data loss prevention issues, Proofpoint Inc. found that email continues to be the number one source of data loss risks in large enterprises as more than a third (35%) investigated a leak of confidential or proprietary information via email in the past 12 months. At the same time, the number of data loss events associated with social media channels continued to increase. Employee misuse of email, work-owned mobile devices, and popular social media tools including Facebook, LinkedIn, Twitter, video sharing sites, forums and blogs resulted in an increasing number of disciplinary actions—including termination—as enterprises demonstrate increasing concern about securing sensitive data.

1 de 36
Baixar para ler offline
Research Results: Outbound Email and DLP Survey, 2010 Keith Crosley Director of Market Development Proofpoint Michael Osterman Analyst and Principal Osterman Research Proofpoint, Inc. Proprietary and Confidential ©2010 1
Agenda About Proofpoint and Our 2010 Survey Levels of Concern and Risky Content Frequency of Data Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 2
Proofpoint: Cloud-Enabled Email Solutions 4000 Leading email security, compliance & Customers archiving solutions for complex organizations Enterprise-class protection for lowest email risk & cost-of-ownership Industry leadership Leaders Quadrant, Fastest Growing Best Buy, 5 Stars SEG Magic Quadrant Messaging Security (2009, 2010) (2008 & 2010) (2008) Proofpoint, Inc. Proprietary and Confidential ©2010 3
About our Seventh Annual Survey: Goals Quantify the risks related to outbound messaging Raise awareness of policy, technology and cultural issues Understand technology adoption trends Special topics • Social media risks in the enterprise • Data loss and the economy Proofpoint, Inc. Proprietary and Confidential ©2010 4
About our Seventh Annual Survey: Respondents Survey of 261 email technology/policy decision makers Companies with 1000 or more employees: • 190 with 1000 – 5000; 45 with 5001 – 20,000; 26 with 20,000+ • 139 private, 122 publicly-traded Key roles • 46% Director or manager of IT • 21% CIO, CTO or senior-most IT executive • 12% director or manager of messaging/email systems Email systems • 98% have on-premises email system (Exchange 2007, 2003 and 2010 most common) • 31% have a SaaS email system (Exchange 2007, 2010 most common) Proofpoint, Inc. Proprietary and Confidential ©2010 5
Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events • What are IT pros most worried about? • What are the most common types of data loss events? Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 6
Data Loss/Exposure is not Rare 0% 10% 20% 30% 40% 50% 60% 36% Exposure of sensitive or 36% embarrassing information 30% 47% 31% Improper exposure or theft 33% of customer information 30% 13% 29% Overall (n=261) 1000-5000 employees (n=190) Improper exposure or theft 32% 5001-20,000 employees (n=45) of intellectual property 18% >20,000 employees (n=26) 27% 20% Ordered by a court or regulatory body 14% to produce employee email 27% 54% Proofpoint, Inc. Proprietary and Confidential ©2010 7
Poll #1 Was your organization negatively impacted by the improper exposure of confidential information in the past 12 months? • Yes • No • Don’t Know Proofpoint, Inc. Proprietary and Confidential ©2010 8
Levels of Concern about Various Data Loss Conduits 0% 10% 20% 30% 40% 50% 60% 70% Physical loss: Laptops, smartphones and other devices 64% Web-based email (e.g., Hotmail, Gmail) 60% Email sent from mobile devices 56% Email sent from organization’s SMTP email system 55% Postings to blogs and message-boards 54% Posts to social networking sites (e.g., Facebook, MySpace, LinkedIn, etc.) 53% Posts to media sharing sites (e.g., YouTube, etc.) 52% Short messages (e.g., SMS, MMS) sent from mobile devices 51% Messages sent via Web-based short messaging… 51% Instant Messaging (IM) applications 50% FTP (File Transfer Protocol) 49% Peer-to-peer (P2P) networks 46% Proofpoint, Inc. Proprietary and Confidential ©2010 9
Data Loss Events: Email, Blogs, Devices, Employee Termination 0% 10% 20% 30% 40% 50% 60% 35% Investigated a suspected leak of 30% confidential or proprietary information via email 44% 54% 32% Investigated a suspected violation of 32% privacy or data protection regulations related to email 27% 38% 25% Investigated the exposure of confidential, sensitive 24% or private information via a blog or message board 24% posting 35% 22% Investigated the exposure of confidential, sensitive or 21% private information via lost or stolen mobile devices 22% or storage media Overall (n=261) 27% 1000-5000 employees (n=190) 21% 5001-20,000 employees (n=45) Investigated a suspected leak or theft of confidential 21% or proprietary information associated with an >20,000 employees (n=26) 18% employee leaving the company 27% Proofpoint, Inc. Proprietary and Confidential ©2010 10
Data Loss Events: Social Media 0% 10% 20% 30% 40% 50% 60% 20% Investigated the exposure of confidential, sensitive 21% or private information via a posting 18% to a social networking site 23% 18% Investigated the exposure of confidential, sensitive 20% or private information via video or audio media 11% posted to a media sharing site 19% Investigated the exposure of material financial 18% information 18% (such as unannounced quarterly results or significant 11% deals) via a blog or message board posting 23% 17% Overall (n=261) Investigated the exposure of confidential, sensitive 17% 1000-5000 employees (n=190) or private information via short message service 5001-20,000 employees (n=45) 16% (e.g., SMS, MMS, Twitter) 15% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 11
Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media • Top outbound email concerns • How much email contains risky content? • Four types of risky content in email and IM/social media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 12
Top Outbound Email Concerns 1 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 74% Ensuring compliance with 76% financial disclosure or 67% corporate governance regulations 73% 72% Protecting the confidentiality of 74% personal identity and financial information 56% 85% 71% Ensuring that email cannot be used 74% to disseminate company trade secrets 56% or valuable intellectual property 73% 71% Ensuring that email cannot be used 75% to disseminate confidential 55% internal memos 69% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 13
Top Outbound Email Concerns 2 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 67% 70% Ensuring compliance with internal corporate email policies 56% 62% 63% Monitoring email for offensive 70% or otherwise inappropriate content and attachments 49% 38% 61% 66% Protecting the confidentiality of private healthcare information 38% 62% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 14
As Many as 1 in 5 Emails Contains Risky Content “What percentage of email sent from your organization contains content that poses a legal, financial or regulatory risk?” • Mean (average) answer: 20% • Median answer: 10% • 19% of respondents “didn’t know” Proofpoint, Inc. Proprietary and Confidential ©2010 15
Risky Content in Email 0% 5% 10% 15% 20% 25% 30% 35% 40% 32% 31% Adult, obscene, or potentially 19% offensive content 12% 7% 20% 34% Confidential or proprietary business 24% information about your organization 12% 9% 25% Valuable intellectual property or 28% trade secrets that should not 24% leave the organization 14% 9% Almost Never Less Common 26% Personal healthcare, financial Neutral 25% or identity data Common 22% that may violate privacy and Very Common 17% data protection regulations 10% Proofpoint, Inc. Proprietary and Confidential ©2010 16
Risky Content in IM and Social Media 0% 5% 10% 15% 20% 25% 30% 35% 40% 36% 22% Adult, obscene, or potentially 23% offensive content 13% 7% 32% 25% Confidential or proprietary business 22% information about your organization 13% 8% 33% Valuable intellectual property or 26% trade secrets that should not 20% leave the organization 12% 9% 34% Personal healthcare, financial 21% Almost Never or identity data 20% Less Common that may violate privacy and 17% Neutral data protection regulations 9% Common Very Common Proofpoint, Inc. Proprietary and Confidential ©2010 17
Importance of Reducing Outbound Email Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 37% 43% Very important 20% 23% 33% 31% Important 36% 46% 16% 13% Somewhat important 27% 19% 3% 3% Somewhat unimportant 5% 4% 8% 8% Overall (n=261) Very unimportant 5% 1000-5000 employees (n=190) 8% 5001-20,000 employees (n=45) 2% 1% >20,000 employees (n=26) Unimportant 7% 0% 1% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 18
Importance of Reducing Outbound HTTP Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 30% 33% Very important 18% 23% 37% 37% Important 42% 31% 19% 17% Somewhat important 22% 31% 6% 5% Somewhat unimportant 9% 4% 2% 1% Overall (n=261) Unimportant 2% 1000-5000 employees (n=190) 4% 5001-20,000 employees (n=45) 7% 6% >20,000 employees (n=26) Very unimportant 7% 8% 0% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 19
Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions • Prohibited activities • Adoption of acceptable use and other policies • Discipline and termination for policy violations How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 20
Prohibited Activities 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 63% Prohibit use of P2P 58% file-sharing sites 80% 81% 53% 53% Prohibit use of Facebook 63% 38% 53% Prohibit use of media-sharing 49% sites (e.g., YouTube) 60% 67% 49% 47% Prohibit use of Twitter 60% 38% 40% Prohibit use of personal 40% Webmail 43% Overall (n=261) 33% 1000-5000 employees (n=190) 39% 5001-20,000 employees (n=45) Prohibit personal use 40% >20,000 employees (n=26) of the Web 35% 38% Prohibit personal use of 38% 42% corporate email during 28% company time 24% 31% 32% Prohibit use of LinkedIn 38% 10% Proofpoint, Inc. Proprietary and Confidential ©2010 21
Adoption of Acceptable Use Policies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 94% 94% Acceptable use policy for email 96% 92% Web surfing policy 86% focused on 85% potential time wasted 91% by employees 85% 83% Web surfing policy 82% focused on 89% potential data loss 81% 81% 83% Social networking policy 73% 81% 80% Acceptable use policy for blog 82% and/or message board postings 73% 73% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 22
Additional Email Policies Is Your Organization at Risk? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 86% 85% Email retention policy 89% 92% 82% 85% Acceptable encryption policy 80% 65% 80% 80% Automatically forwarded email policy 79% 83% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 23
Formal Policy Training Are Employees Equipped to Understand Your Policies? 0% 10% 20% 30% 40% 50% 60% 70% 55% Conducted a formal training 58% about the organization's email security policies 60% 31% 42% Conducted a formal training 45% about external regulations that apply email use 42% 15% 31% Conducted a formal training 38% Overall (n=261) about Web/social media security and acceptable use policies 16% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 12% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 24
Discipline & Termination: Email & Blog Violations 0% 10% 20% 30% 40% 50% 60% 70% 50% Disciplined an employee for 52% violating email policy 38% 58% 20% Terminated an employee for 21% violating email policy 11% Overall (n=261) 31% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 24% Disciplined an employee for 26% violating blog/message board policy 16% 19% 11% Terminated an employee for 13% violating blog/message board policy 4% 12% Proofpoint, Inc. Proprietary and Confidential ©2010 25
Discipline & Termination: Media Sharing & Social Media 0% 10% 20% 30% 40% 50% 60% 70% 21% Disciplined an employee for 23% violating media sharing/posting policy 16% 15% 9% Terminated an employee for 10% violating media sharing/posting policy 7% Overall (n=261) 8% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 20% Disciplined an employee for 22% violating social networking policy 11% 15% 7% Terminated an employee for 9% violating social networking policy 0% 8% Proofpoint, Inc. Proprietary and Confidential ©2010 26
Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? • Manual processes and technology adoption • The economy and data loss risk • SaaS and email security investment priorities Proofpoint, Inc. Proprietary and Confidential ©2010 27
Reducing Data Loss Risks: Manual Processes 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 37% 38% Employ staff that monitors outbound email content 29% 38% 33% Overall (n=261) 34% 1000-5000 employees (n=190) Employ staff whose primary or exclusive job function is to read or otherwise analyze outbound email content 5001-20,000 employees (n=45) 23% >20,000 employees (n=26) 38% 48% 51% Perform regular audits of outbound email content 36% 48% Proofpoint, Inc. Proprietary and Confidential ©2010 28
Poll #2 Are there employees in your organization tasked with reading or analyzing the contents of outbound email? • Yes • Yes – and that person is me • No • Don’t know Proofpoint, Inc. Proprietary and Confidential ©2010 29
Reducing Data Loss Risks: Outbound Email Scanning Technologies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 40% Technology solution that detects 44% protected health information in outbound email 27% 38% 39% Technology solution that detects private personal 40% or financial information in outbound email 33% Overall (n=261) 46% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 42% >20,000 employees (n=26) Technology solution for automatic encryption 43% of messages based on content & policies 41% 38% 36% Technology solution for detecting 39% intellectual property in outbound email 22% 38% Proofpoint, Inc. Proprietary and Confidential ©2010 30
Reducing Data Loss Risks: Web Monitoring, Archiving, Outbound Spam 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 39% 43% Technology solution for monitoring content in webmail and other HTTP traffic 27% 38% 54% Overall (n=261) 55% 1000-5000 employees (n=190) Technology solution for email archiving 5001-20,000 employees (n=45) 52% >20,000 employees (n=26) 48% 65% 63% Technology solution for detecting spam or malware in outbound email 60% 85% Proofpoint, Inc. Proprietary and Confidential ©2010 31
The Economy Continues to Have a Negative Impact on Data Protection 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 58% Budget constraints have negatively 59% impacted my organization’s ability to protect confidential, proprietary 59% or sensitive information 50% 53% IT staff reductions have negatively 54% impacted my organization's ability to protect confidential, proprietary 51% and sensitive data 50% 48% Increasing number of layoffs in 51% Overall (n=261) my organization has created an 1000-5000 employees (n=190) increased risk of data leakage 44% 5001-20,000 employees (n=45) 36% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 32
Do SaaS and Cloud Computing Increase Data Loss Risks? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 49% Overall (n=261) The trend toward using SaaS and 1000-5000 employees (n=190) 49% cloud computing solutions in the 5001-20,000 employees (n=45) enterprise seriously increases the 50% >20,000 employees (n=26) risk of data leakage 44% 31% of companies have a SaaS messaging system 52% say they have deployed a SaaS solution for inbound email scanning • Additional 17% will “definitely” do so in the future • Additional 18% “might” 31% say they have deployed a SaaS solution for outbound DLP/compliance scanning • Additional 19% will “definitely” do so in the future • Additional 17% “might” Proofpoint, Inc. Proprietary and Confidential ©2010 33
Email Security Investment Priorities Over the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 32% 36% Improving the ability to manage 21% eDiscovery in email 7% 3% Improving the ability to prevent 30% 36% sensitive content from leaving the 20% organization through email 8% in an unauthorized manner 7% 41% 25% Improving malware detection 21% and prevention 9% 4% 35% 30% Improving spam filtering 23% 7% 5% 25% Improving the ability to manage 38% eDiscovery for non-email 24% electronic content 8% Very High Priority 5% High Priority 25% Neutral 33% Improving employee self-service Low Priority 26% to archived email 8% Very Low Priority 8% Proofpoint, Inc. Proprietary and Confidential ©2010 34
Q&A / Next Steps Attend a Live Proofpoint Demo Session Thursdays at 2:00 pm ET / 11:00 am PT Register today at www.proofpoint.com/livedemo For questions or more information contact us at: webinars@proofpoint.com, 408-517-4710 proofpoint.com/facebook proofpoint.com/twitter blog.proofpoint.com Proofpoint, Inc. Proprietary and Confidential ©2010 35
Webinar Survey Enter to Win a Netbook! We value your opinion. Attendees of today’s webinar who complete the survey at the end of the presentation (within 10 minutes) will be entered to win a Netbook! Proofpoint, Inc. Proprietary and Confidential ©2010 36

Recomendados

Bao cao-tong-quan-internet-vietnam-2011
Bao cao-tong-quan-internet-vietnam-2011Bao cao-tong-quan-internet-vietnam-2011
Bao cao-tong-quan-internet-vietnam-2011Vinalink Media JSC
 
Com score socialconference
Com score socialconferenceCom score socialconference
Com score socialconferencePhan LyNa
 
Messaging best practices for 2011
Messaging best practices for 2011Messaging best practices for 2011
Messaging best practices for 2011Actiance, Inc.
 
icon Venture Capitalists’ Predictions for 2010
icon Venture Capitalists’ Predictions for 2010icon Venture Capitalists’ Predictions for 2010
icon Venture Capitalists’ Predictions for 2010Diego Túlio Tomaz Gomes
 
ClickSquared Webcast: Improve your Marketing, Remove the Complexity
ClickSquared Webcast: Improve your Marketing, Remove the ComplexityClickSquared Webcast: Improve your Marketing, Remove the Complexity
ClickSquared Webcast: Improve your Marketing, Remove the ComplexityClickSquared
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
E-FILE_Proofpoint_Uberflip_120915_optimized
E-FILE_Proofpoint_Uberflip_120915_optimizedE-FILE_Proofpoint_Uberflip_120915_optimized
E-FILE_Proofpoint_Uberflip_120915_optimizedLynn Feltner
 

Recomendados

Bao cao-tong-quan-internet-vietnam-2011
Bao cao-tong-quan-internet-vietnam-2011Bao cao-tong-quan-internet-vietnam-2011
Bao cao-tong-quan-internet-vietnam-2011Vinalink Media JSC
 
Com score socialconference
Com score socialconferenceCom score socialconference
Com score socialconferencePhan LyNa
 
Messaging best practices for 2011
Messaging best practices for 2011Messaging best practices for 2011
Messaging best practices for 2011Actiance, Inc.
 
icon Venture Capitalists’ Predictions for 2010
icon Venture Capitalists’ Predictions for 2010icon Venture Capitalists’ Predictions for 2010
icon Venture Capitalists’ Predictions for 2010Diego Túlio Tomaz Gomes
 
ClickSquared Webcast: Improve your Marketing, Remove the Complexity
ClickSquared Webcast: Improve your Marketing, Remove the ComplexityClickSquared Webcast: Improve your Marketing, Remove the Complexity
ClickSquared Webcast: Improve your Marketing, Remove the ComplexityClickSquared
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
E-FILE_Proofpoint_Uberflip_120915_optimized
E-FILE_Proofpoint_Uberflip_120915_optimizedE-FILE_Proofpoint_Uberflip_120915_optimized
E-FILE_Proofpoint_Uberflip_120915_optimizedLynn Feltner
 
Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017BLRDATA
 
Compliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial ServicesCompliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial ServicesLinkedIn Sales Solutions
 
Customer Success and Security Technology
Customer Success and Security TechnologyCustomer Success and Security Technology
Customer Success and Security TechnologyGainsight
 
Tecnoset curitiba printing services
Tecnoset curitiba printing servicesTecnoset curitiba printing services
Tecnoset curitiba printing servicesFernando Misato
 
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...DataStax
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
Proofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social MediaProofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social MediaDataStax Academy
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALMichael Bunn
 
The Human Factor Report 2015
The Human Factor Report 2015The Human Factor Report 2015
The Human Factor Report 2015Michael Bunn
 
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...Matthijs Pontier
 
General Motors Case Analysis
General Motors Case AnalysisGeneral Motors Case Analysis
General Motors Case Analysisandreaberga
 
ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystBill Burns
 
Survey results: The age of unbounded data
Survey results: The age of unbounded dataSurvey results: The age of unbounded data
Survey results: The age of unbounded dataMoxie Insight
 
Symantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key FindingsSymantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key FindingsSymantec
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012Lumension
 
How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.Lumension
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020Fahad Al-Hasan
 
A Definitive Market Guide to Deception Technology
A Definitive Market Guide to Deception TechnologyA Definitive Market Guide to Deception Technology
A Definitive Market Guide to Deception TechnologyEnterprise Management Associates
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computingHardik Kakadiya
 
Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)Jennifer Bluemling, MBA
 

Mais conteúdo relacionado

Destaque

Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017BLRDATA
 
Compliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial ServicesCompliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial ServicesLinkedIn Sales Solutions
 
Customer Success and Security Technology
Customer Success and Security TechnologyCustomer Success and Security Technology
Customer Success and Security TechnologyGainsight
 
Tecnoset curitiba printing services
Tecnoset curitiba printing servicesTecnoset curitiba printing services
Tecnoset curitiba printing servicesFernando Misato
 
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...DataStax
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpointvoliverio
 
Proofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social MediaProofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social MediaDataStax Academy
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Proofpoint
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALMichael Bunn
 
The Human Factor Report 2015
The Human Factor Report 2015The Human Factor Report 2015
The Human Factor Report 2015Michael Bunn
 
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...Matthijs Pontier
 
General Motors Case Analysis
General Motors Case AnalysisGeneral Motors Case Analysis
General Motors Case Analysisandreaberga
 

Destaque (12)

Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017Governança de Dados nas empresas - BI Summit 2017
Governança de Dados nas empresas - BI Summit 2017
 
Compliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial ServicesCompliant Practices for Social Media in Financial Services
Compliant Practices for Social Media in Financial Services
 
Customer Success and Security Technology
Customer Success and Security TechnologyCustomer Success and Security Technology
Customer Success and Security Technology
 
Tecnoset curitiba printing services
Tecnoset curitiba printing servicesTecnoset curitiba printing services
Tecnoset curitiba printing services
 
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
Webinar: Proofpoint, a pioneer in security-as-a-service protects people, info...
 
Institucional proofpoint
Institucional proofpointInstitucional proofpoint
Institucional proofpoint
 
Proofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social MediaProofpoint: Fraud Detection and Security on Social Media
Proofpoint: Fraud Detection and Security on Social Media
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
 
The Human Factor Report 2015
The Human Factor Report 2015The Human Factor Report 2015
The Human Factor Report 2015
 
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
Hoe de piratenpartij de rechtsstaat wil beschermen - en wetten klaar wil make...
 
General Motors Case Analysis
General Motors Case AnalysisGeneral Motors Case Analysis
General Motors Case Analysis
 

Semelhante a Proofpoint Outbound/DLP Survey Results

ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18Symantec
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystBill Burns
 
Survey results: The age of unbounded data
Survey results: The age of unbounded dataSurvey results: The age of unbounded data
Survey results: The age of unbounded dataMoxie Insight
 
Symantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key FindingsSymantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key FindingsSymantec
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012Lumension
 
How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.Lumension
 
Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)Jennifer Bluemling, MBA
 
Symantec 2011 Threat Management Survey Global Results
Symantec 2011 Threat Management Survey Global ResultsSymantec 2011 Threat Management Survey Global Results
Symantec 2011 Threat Management Survey Global ResultsSymantec
 
Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12David Kondrup
 
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Enterprise Management Associates
 
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills GapHow Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills GapEnterprise Management Associates
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskLumension
 
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)Global Business Events
 
A Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesA Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesWhitleyPenn
 
Information Overload Strategies
Information Overload StrategiesInformation Overload Strategies
Information Overload StrategiesToby Ruckert
 

Semelhante a Proofpoint Outbound/DLP Survey Results (20)

ISTR Volume 18
ISTR Volume 18ISTR Volume 18
ISTR Volume 18
 
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalystScale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
Scale vp wisegate-investing-in_security_innovation_aug2014-gartner_catalyst
 
Survey results: The age of unbounded data
Survey results: The age of unbounded dataSurvey results: The age of unbounded data
Survey results: The age of unbounded data
 
Symantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key FindingsSymantec 2011 Information Retention and eDiscovery Survey Global Key Findings
Symantec 2011 Information Retention and eDiscovery Survey Global Key Findings
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012
 
How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection? 3 Steps to Effective Data Security.
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020
 
A Definitive Market Guide to Deception Technology
A Definitive Market Guide to Deception TechnologyA Definitive Market Guide to Deception Technology
A Definitive Market Guide to Deception Technology
 
What is cloud computing
What is cloud computingWhat is cloud computing
What is cloud computing
 
Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)Teleworking cybersecurity webinar (final)
Teleworking cybersecurity webinar (final)
 
Resilience in the Cyber Era
Resilience in the Cyber EraResilience in the Cyber Era
Resilience in the Cyber Era
 
Symantec 2011 Threat Management Survey Global Results
Symantec 2011 Threat Management Survey Global ResultsSymantec 2011 Threat Management Survey Global Results
Symantec 2011 Threat Management Survey Global Results
 
Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12Cyber Security Briefing Asis Nyc 10 18 12
Cyber Security Briefing Asis Nyc 10 18 12
 
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
Managed Detection and Response: Selective Outsourcing for Understaffed SOCs a...
 
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills GapHow Automation and Orchestration Can Help Bridge the IT Security Skills Gap
How Automation and Orchestration Can Help Bridge the IT Security Skills Gap
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint RiskGreatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
 
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
InfoWatch - Data loss prevention (dlp) and social media monitoring (smm)
 
A Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud OpportunitiesA Lack of IT Controls= Fraud Opportunities
A Lack of IT Controls= Fraud Opportunities
 
Information Overload Strategies
Information Overload StrategiesInformation Overload Strategies
Information Overload Strategies
 

Proofpoint Outbound/DLP Survey Results

  • 1. Research Results: Outbound Email and DLP Survey, 2010 Keith Crosley Director of Market Development Proofpoint Michael Osterman Analyst and Principal Osterman Research Proofpoint, Inc. Proprietary and Confidential ©2010 1
  • 2. Agenda About Proofpoint and Our 2010 Survey Levels of Concern and Risky Content Frequency of Data Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 2
  • 3. Proofpoint: Cloud-Enabled Email Solutions 4000 Leading email security, compliance & Customers archiving solutions for complex organizations Enterprise-class protection for lowest email risk & cost-of-ownership Industry leadership Leaders Quadrant, Fastest Growing Best Buy, 5 Stars SEG Magic Quadrant Messaging Security (2009, 2010) (2008 & 2010) (2008) Proofpoint, Inc. Proprietary and Confidential ©2010 3
  • 4. About our Seventh Annual Survey: Goals Quantify the risks related to outbound messaging Raise awareness of policy, technology and cultural issues Understand technology adoption trends Special topics • Social media risks in the enterprise • Data loss and the economy Proofpoint, Inc. Proprietary and Confidential ©2010 4
  • 5. About our Seventh Annual Survey: Respondents Survey of 261 email technology/policy decision makers Companies with 1000 or more employees: • 190 with 1000 – 5000; 45 with 5001 – 20,000; 26 with 20,000+ • 139 private, 122 publicly-traded Key roles • 46% Director or manager of IT • 21% CIO, CTO or senior-most IT executive • 12% director or manager of messaging/email systems Email systems • 98% have on-premises email system (Exchange 2007, 2003 and 2010 most common) • 31% have a SaaS email system (Exchange 2007, 2010 most common) Proofpoint, Inc. Proprietary and Confidential ©2010 5
  • 6. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events • What are IT pros most worried about? • What are the most common types of data loss events? Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 6
  • 7. Data Loss/Exposure is not Rare 0% 10% 20% 30% 40% 50% 60% 36% Exposure of sensitive or 36% embarrassing information 30% 47% 31% Improper exposure or theft 33% of customer information 30% 13% 29% Overall (n=261) 1000-5000 employees (n=190) Improper exposure or theft 32% 5001-20,000 employees (n=45) of intellectual property 18% >20,000 employees (n=26) 27% 20% Ordered by a court or regulatory body 14% to produce employee email 27% 54% Proofpoint, Inc. Proprietary and Confidential ©2010 7
  • 8. Poll #1 Was your organization negatively impacted by the improper exposure of confidential information in the past 12 months? • Yes • No • Don’t Know Proofpoint, Inc. Proprietary and Confidential ©2010 8
  • 9. Levels of Concern about Various Data Loss Conduits 0% 10% 20% 30% 40% 50% 60% 70% Physical loss: Laptops, smartphones and other devices 64% Web-based email (e.g., Hotmail, Gmail) 60% Email sent from mobile devices 56% Email sent from organization’s SMTP email system 55% Postings to blogs and message-boards 54% Posts to social networking sites (e.g., Facebook, MySpace, LinkedIn, etc.) 53% Posts to media sharing sites (e.g., YouTube, etc.) 52% Short messages (e.g., SMS, MMS) sent from mobile devices 51% Messages sent via Web-based short messaging… 51% Instant Messaging (IM) applications 50% FTP (File Transfer Protocol) 49% Peer-to-peer (P2P) networks 46% Proofpoint, Inc. Proprietary and Confidential ©2010 9
  • 10. Data Loss Events: Email, Blogs, Devices, Employee Termination 0% 10% 20% 30% 40% 50% 60% 35% Investigated a suspected leak of 30% confidential or proprietary information via email 44% 54% 32% Investigated a suspected violation of 32% privacy or data protection regulations related to email 27% 38% 25% Investigated the exposure of confidential, sensitive 24% or private information via a blog or message board 24% posting 35% 22% Investigated the exposure of confidential, sensitive or 21% private information via lost or stolen mobile devices 22% or storage media Overall (n=261) 27% 1000-5000 employees (n=190) 21% 5001-20,000 employees (n=45) Investigated a suspected leak or theft of confidential 21% or proprietary information associated with an >20,000 employees (n=26) 18% employee leaving the company 27% Proofpoint, Inc. Proprietary and Confidential ©2010 10
  • 11. Data Loss Events: Social Media 0% 10% 20% 30% 40% 50% 60% 20% Investigated the exposure of confidential, sensitive 21% or private information via a posting 18% to a social networking site 23% 18% Investigated the exposure of confidential, sensitive 20% or private information via video or audio media 11% posted to a media sharing site 19% Investigated the exposure of material financial 18% information 18% (such as unannounced quarterly results or significant 11% deals) via a blog or message board posting 23% 17% Overall (n=261) Investigated the exposure of confidential, sensitive 17% 1000-5000 employees (n=190) or private information via short message service 5001-20,000 employees (n=45) 16% (e.g., SMS, MMS, Twitter) 15% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 11
  • 12. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media • Top outbound email concerns • How much email contains risky content? • Four types of risky content in email and IM/social media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 12
  • 13. Top Outbound Email Concerns 1 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 74% Ensuring compliance with 76% financial disclosure or 67% corporate governance regulations 73% 72% Protecting the confidentiality of 74% personal identity and financial information 56% 85% 71% Ensuring that email cannot be used 74% to disseminate company trade secrets 56% or valuable intellectual property 73% 71% Ensuring that email cannot be used 75% to disseminate confidential 55% internal memos 69% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 13
  • 14. Top Outbound Email Concerns 2 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 67% 70% Ensuring compliance with internal corporate email policies 56% 62% 63% Monitoring email for offensive 70% or otherwise inappropriate content and attachments 49% 38% 61% 66% Protecting the confidentiality of private healthcare information 38% 62% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 14
  • 15. As Many as 1 in 5 Emails Contains Risky Content “What percentage of email sent from your organization contains content that poses a legal, financial or regulatory risk?” • Mean (average) answer: 20% • Median answer: 10% • 19% of respondents “didn’t know” Proofpoint, Inc. Proprietary and Confidential ©2010 15
  • 16. Risky Content in Email 0% 5% 10% 15% 20% 25% 30% 35% 40% 32% 31% Adult, obscene, or potentially 19% offensive content 12% 7% 20% 34% Confidential or proprietary business 24% information about your organization 12% 9% 25% Valuable intellectual property or 28% trade secrets that should not 24% leave the organization 14% 9% Almost Never Less Common 26% Personal healthcare, financial Neutral 25% or identity data Common 22% that may violate privacy and Very Common 17% data protection regulations 10% Proofpoint, Inc. Proprietary and Confidential ©2010 16
  • 17. Risky Content in IM and Social Media 0% 5% 10% 15% 20% 25% 30% 35% 40% 36% 22% Adult, obscene, or potentially 23% offensive content 13% 7% 32% 25% Confidential or proprietary business 22% information about your organization 13% 8% 33% Valuable intellectual property or 26% trade secrets that should not 20% leave the organization 12% 9% 34% Personal healthcare, financial 21% Almost Never or identity data 20% Less Common that may violate privacy and 17% Neutral data protection regulations 9% Common Very Common Proofpoint, Inc. Proprietary and Confidential ©2010 17
  • 18. Importance of Reducing Outbound Email Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 37% 43% Very important 20% 23% 33% 31% Important 36% 46% 16% 13% Somewhat important 27% 19% 3% 3% Somewhat unimportant 5% 4% 8% 8% Overall (n=261) Very unimportant 5% 1000-5000 employees (n=190) 8% 5001-20,000 employees (n=45) 2% 1% >20,000 employees (n=26) Unimportant 7% 0% 1% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 18
  • 19. Importance of Reducing Outbound HTTP Risks in the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 30% 33% Very important 18% 23% 37% 37% Important 42% 31% 19% 17% Somewhat important 22% 31% 6% 5% Somewhat unimportant 9% 4% 2% 1% Overall (n=261) Unimportant 2% 1000-5000 employees (n=190) 4% 5001-20,000 employees (n=45) 7% 6% >20,000 employees (n=26) Very unimportant 7% 8% 0% 1% Don’t know 0% 0% Proofpoint, Inc. Proprietary and Confidential ©2010 19
  • 20. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions • Prohibited activities • Adoption of acceptable use and other policies • Discipline and termination for policy violations How do Companies Reduce Outbound Email and Web Risks? Proofpoint, Inc. Proprietary and Confidential ©2010 20
  • 21. Prohibited Activities 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 63% Prohibit use of P2P 58% file-sharing sites 80% 81% 53% 53% Prohibit use of Facebook 63% 38% 53% Prohibit use of media-sharing 49% sites (e.g., YouTube) 60% 67% 49% 47% Prohibit use of Twitter 60% 38% 40% Prohibit use of personal 40% Webmail 43% Overall (n=261) 33% 1000-5000 employees (n=190) 39% 5001-20,000 employees (n=45) Prohibit personal use 40% >20,000 employees (n=26) of the Web 35% 38% Prohibit personal use of 38% 42% corporate email during 28% company time 24% 31% 32% Prohibit use of LinkedIn 38% 10% Proofpoint, Inc. Proprietary and Confidential ©2010 21
  • 22. Adoption of Acceptable Use Policies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 94% 94% Acceptable use policy for email 96% 92% Web surfing policy 86% focused on 85% potential time wasted 91% by employees 85% 83% Web surfing policy 82% focused on 89% potential data loss 81% 81% 83% Social networking policy 73% 81% 80% Acceptable use policy for blog 82% and/or message board postings 73% 73% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 22
  • 23. Additional Email Policies Is Your Organization at Risk? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 86% 85% Email retention policy 89% 92% 82% 85% Acceptable encryption policy 80% 65% 80% 80% Automatically forwarded email policy 79% 83% Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 23
  • 24. Formal Policy Training Are Employees Equipped to Understand Your Policies? 0% 10% 20% 30% 40% 50% 60% 70% 55% Conducted a formal training 58% about the organization's email security policies 60% 31% 42% Conducted a formal training 45% about external regulations that apply email use 42% 15% 31% Conducted a formal training 38% Overall (n=261) about Web/social media security and acceptable use policies 16% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 12% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 24
  • 25. Discipline & Termination: Email & Blog Violations 0% 10% 20% 30% 40% 50% 60% 70% 50% Disciplined an employee for 52% violating email policy 38% 58% 20% Terminated an employee for 21% violating email policy 11% Overall (n=261) 31% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 24% Disciplined an employee for 26% violating blog/message board policy 16% 19% 11% Terminated an employee for 13% violating blog/message board policy 4% 12% Proofpoint, Inc. Proprietary and Confidential ©2010 25
  • 26. Discipline & Termination: Media Sharing & Social Media 0% 10% 20% 30% 40% 50% 60% 70% 21% Disciplined an employee for 23% violating media sharing/posting policy 16% 15% 9% Terminated an employee for 10% violating media sharing/posting policy 7% Overall (n=261) 8% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 20% Disciplined an employee for 22% violating social networking policy 11% 15% 7% Terminated an employee for 9% violating social networking policy 0% 8% Proofpoint, Inc. Proprietary and Confidential ©2010 26
  • 27. Agenda About Proofpoint and Our 2010 Survey Frequency of Data Loss/Exposure Events Risky Content in Email and Social Media Policies and Enforcement Actions How do Companies Reduce Outbound Email and Web Risks? • Manual processes and technology adoption • The economy and data loss risk • SaaS and email security investment priorities Proofpoint, Inc. Proprietary and Confidential ©2010 27
  • 28. Reducing Data Loss Risks: Manual Processes 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 37% 38% Employ staff that monitors outbound email content 29% 38% 33% Overall (n=261) 34% 1000-5000 employees (n=190) Employ staff whose primary or exclusive job function is to read or otherwise analyze outbound email content 5001-20,000 employees (n=45) 23% >20,000 employees (n=26) 38% 48% 51% Perform regular audits of outbound email content 36% 48% Proofpoint, Inc. Proprietary and Confidential ©2010 28
  • 29. Poll #2 Are there employees in your organization tasked with reading or analyzing the contents of outbound email? • Yes • Yes – and that person is me • No • Don’t know Proofpoint, Inc. Proprietary and Confidential ©2010 29
  • 30. Reducing Data Loss Risks: Outbound Email Scanning Technologies 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 40% Technology solution that detects 44% protected health information in outbound email 27% 38% 39% Technology solution that detects private personal 40% or financial information in outbound email 33% Overall (n=261) 46% 1000-5000 employees (n=190) 5001-20,000 employees (n=45) 42% >20,000 employees (n=26) Technology solution for automatic encryption 43% of messages based on content & policies 41% 38% 36% Technology solution for detecting 39% intellectual property in outbound email 22% 38% Proofpoint, Inc. Proprietary and Confidential ©2010 30
  • 31. Reducing Data Loss Risks: Web Monitoring, Archiving, Outbound Spam 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 39% 43% Technology solution for monitoring content in webmail and other HTTP traffic 27% 38% 54% Overall (n=261) 55% 1000-5000 employees (n=190) Technology solution for email archiving 5001-20,000 employees (n=45) 52% >20,000 employees (n=26) 48% 65% 63% Technology solution for detecting spam or malware in outbound email 60% 85% Proofpoint, Inc. Proprietary and Confidential ©2010 31
  • 32. The Economy Continues to Have a Negative Impact on Data Protection 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 58% Budget constraints have negatively 59% impacted my organization’s ability to protect confidential, proprietary 59% or sensitive information 50% 53% IT staff reductions have negatively 54% impacted my organization's ability to protect confidential, proprietary 51% and sensitive data 50% 48% Increasing number of layoffs in 51% Overall (n=261) my organization has created an 1000-5000 employees (n=190) increased risk of data leakage 44% 5001-20,000 employees (n=45) 36% >20,000 employees (n=26) Proofpoint, Inc. Proprietary and Confidential ©2010 32
  • 33. Do SaaS and Cloud Computing Increase Data Loss Risks? 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 49% Overall (n=261) The trend toward using SaaS and 1000-5000 employees (n=190) 49% cloud computing solutions in the 5001-20,000 employees (n=45) enterprise seriously increases the 50% >20,000 employees (n=26) risk of data leakage 44% 31% of companies have a SaaS messaging system 52% say they have deployed a SaaS solution for inbound email scanning • Additional 17% will “definitely” do so in the future • Additional 18% “might” 31% say they have deployed a SaaS solution for outbound DLP/compliance scanning • Additional 19% will “definitely” do so in the future • Additional 17% “might” Proofpoint, Inc. Proprietary and Confidential ©2010 33
  • 34. Email Security Investment Priorities Over the Next 12 Months 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 32% 36% Improving the ability to manage 21% eDiscovery in email 7% 3% Improving the ability to prevent 30% 36% sensitive content from leaving the 20% organization through email 8% in an unauthorized manner 7% 41% 25% Improving malware detection 21% and prevention 9% 4% 35% 30% Improving spam filtering 23% 7% 5% 25% Improving the ability to manage 38% eDiscovery for non-email 24% electronic content 8% Very High Priority 5% High Priority 25% Neutral 33% Improving employee self-service Low Priority 26% to archived email 8% Very Low Priority 8% Proofpoint, Inc. Proprietary and Confidential ©2010 34
  • 35. Q&A / Next Steps Attend a Live Proofpoint Demo Session Thursdays at 2:00 pm ET / 11:00 am PT Register today at www.proofpoint.com/livedemo For questions or more information contact us at: webinars@proofpoint.com, 408-517-4710 proofpoint.com/facebook proofpoint.com/twitter blog.proofpoint.com Proofpoint, Inc. Proprietary and Confidential ©2010 35
  • 36. Webinar Survey Enter to Win a Netbook! We value your opinion. Attendees of today’s webinar who complete the survey at the end of the presentation (within 10 minutes) will be entered to win a Netbook! Proofpoint, Inc. Proprietary and Confidential ©2010 36