Más contenido relacionado Similar a Proofpoint Outbound/DLP Survey Results (20) Proofpoint Outbound/DLP Survey Results1. Research Results: Outbound
Email and DLP Survey, 2010
Keith Crosley
Director of Market Development
Proofpoint
Michael Osterman
Analyst and Principal
Osterman Research
Proofpoint, Inc. Proprietary and Confidential ©2010 1
2. Agenda
About Proofpoint and Our 2010 Survey
Levels of Concern and Risky Content
Frequency of Data Exposure Events
Risky Content in Email and Social Media
Policies and Enforcement Actions
How do Companies Reduce
Outbound Email and Web Risks?
Proofpoint, Inc. Proprietary and Confidential ©2010 2
3. Proofpoint:
Cloud-Enabled Email Solutions
4000 Leading email security, compliance &
Customers archiving solutions for complex organizations
Enterprise-class protection for
lowest email risk & cost-of-ownership
Industry leadership
Leaders Quadrant, Fastest Growing Best Buy, 5 Stars
SEG Magic Quadrant Messaging Security (2009, 2010)
(2008 & 2010) (2008)
Proofpoint, Inc. Proprietary and Confidential ©2010 3
4. About our Seventh Annual Survey:
Goals
Quantify the risks related to outbound
messaging
Raise awareness of policy, technology and
cultural issues
Understand technology adoption trends
Special topics
• Social media risks in the enterprise
• Data loss and the economy
Proofpoint, Inc. Proprietary and Confidential ©2010 4
5. About our Seventh Annual Survey:
Respondents
Survey of 261 email technology/policy decision makers
Companies with 1000 or more employees:
• 190 with 1000 – 5000; 45 with 5001 – 20,000; 26 with 20,000+
• 139 private, 122 publicly-traded
Key roles
• 46% Director or manager of IT
• 21% CIO, CTO or senior-most IT executive
• 12% director or manager of messaging/email systems
Email systems
• 98% have on-premises email system
(Exchange 2007, 2003 and 2010 most common)
• 31% have a SaaS email system (Exchange 2007, 2010 most common)
Proofpoint, Inc. Proprietary and Confidential ©2010 5
6. Agenda
About Proofpoint and Our 2010 Survey
Frequency of Data Loss/Exposure Events
• What are IT pros most worried about?
• What are the most common types of data loss
events?
Risky Content in Email and Social Media
Policies and Enforcement Actions
How do Companies Reduce
Outbound Email and Web Risks?
Proofpoint, Inc. Proprietary and Confidential ©2010 6
7. Data Loss/Exposure is not Rare
0% 10% 20% 30% 40% 50% 60%
36%
Exposure of sensitive or 36%
embarrassing information 30%
47%
31%
Improper exposure or theft 33%
of customer information 30%
13%
29% Overall (n=261)
1000-5000 employees (n=190)
Improper exposure or theft 32%
5001-20,000 employees (n=45)
of intellectual property 18%
>20,000 employees (n=26)
27%
20%
Ordered by a court or regulatory body 14%
to produce employee email 27%
54%
Proofpoint, Inc. Proprietary and Confidential ©2010 7
8. Poll #1
Was your organization negatively impacted
by the improper exposure of confidential
information in the past 12 months?
• Yes
• No
• Don’t Know
Proofpoint, Inc. Proprietary and Confidential ©2010 8
9. Levels of Concern about
Various Data Loss Conduits
0% 10% 20% 30% 40% 50% 60% 70%
Physical loss: Laptops,
smartphones and other devices 64%
Web-based email
(e.g., Hotmail, Gmail) 60%
Email sent from
mobile devices 56%
Email sent from organization’s
SMTP email system 55%
Postings to blogs and
message-boards 54%
Posts to social networking sites
(e.g., Facebook, MySpace, LinkedIn, etc.) 53%
Posts to media sharing sites
(e.g., YouTube, etc.) 52%
Short messages (e.g., SMS, MMS)
sent from mobile devices 51%
Messages sent via Web-based
short messaging… 51%
Instant Messaging (IM)
applications 50%
FTP (File Transfer Protocol) 49%
Peer-to-peer (P2P)
networks 46%
Proofpoint, Inc. Proprietary and Confidential ©2010 9
10. Data Loss Events:
Email, Blogs, Devices, Employee Termination
0% 10% 20% 30% 40% 50% 60%
35%
Investigated a suspected leak of 30%
confidential or proprietary information via email 44%
54%
32%
Investigated a suspected violation of 32%
privacy or data protection regulations related to email 27%
38%
25%
Investigated the exposure of confidential, sensitive 24%
or private information via a blog or message board
24%
posting
35%
22%
Investigated the exposure of confidential, sensitive or 21%
private information via lost or stolen mobile devices
22%
or storage media Overall (n=261)
27%
1000-5000 employees (n=190)
21% 5001-20,000 employees (n=45)
Investigated a suspected leak or theft of confidential 21%
or proprietary information associated with an >20,000 employees (n=26)
18%
employee leaving the company
27%
Proofpoint, Inc. Proprietary and Confidential ©2010 10
11. Data Loss Events:
Social Media
0% 10% 20% 30% 40% 50% 60%
20%
Investigated the exposure of confidential, sensitive 21%
or private information via a posting
18%
to a social networking site
23%
18%
Investigated the exposure of confidential, sensitive 20%
or private information via video or audio media
11%
posted to a media sharing site
19%
Investigated the exposure of material financial 18%
information 18%
(such as unannounced quarterly results or significant
11%
deals)
via a blog or message board posting 23%
17% Overall (n=261)
Investigated the exposure of confidential, sensitive 17% 1000-5000 employees (n=190)
or private information via short message service 5001-20,000 employees (n=45)
16%
(e.g., SMS, MMS, Twitter)
15% >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 11
12. Agenda
About Proofpoint and Our 2010 Survey
Frequency of Data Loss/Exposure Events
Risky Content in Email and Social Media
• Top outbound email concerns
• How much email contains risky content?
• Four types of risky content in email and IM/social media
Policies and Enforcement Actions
How do Companies Reduce
Outbound Email and Web Risks?
Proofpoint, Inc. Proprietary and Confidential ©2010 12
13. Top Outbound Email Concerns 1
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
74%
Ensuring compliance with 76%
financial disclosure or
67%
corporate governance regulations
73%
72%
Protecting the confidentiality of 74%
personal identity and financial information 56%
85%
71%
Ensuring that email cannot be used 74%
to disseminate company trade secrets
56%
or valuable intellectual property
73%
71%
Ensuring that email cannot be used 75%
to disseminate confidential
55%
internal memos
69%
Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 13
14. Top Outbound Email Concerns 2
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
67%
70%
Ensuring compliance with internal
corporate email policies 56%
62%
63%
Monitoring email for offensive 70%
or otherwise inappropriate
content and attachments 49%
38%
61%
66%
Protecting the confidentiality of
private healthcare information 38%
62%
Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 14
15. As Many as 1 in 5 Emails Contains
Risky Content
“What percentage of email sent from your
organization contains content that poses a
legal, financial or regulatory risk?”
• Mean (average) answer: 20%
• Median answer: 10%
• 19% of respondents “didn’t know”
Proofpoint, Inc. Proprietary and Confidential ©2010 15
16. Risky Content in Email
0% 5% 10% 15% 20% 25% 30% 35% 40%
32%
31%
Adult, obscene, or potentially
19%
offensive content
12%
7%
20%
34%
Confidential or proprietary business
24%
information about your organization
12%
9%
25%
Valuable intellectual property or 28%
trade secrets that should not 24%
leave the organization 14%
9% Almost Never
Less Common
26%
Personal healthcare, financial Neutral
25%
or identity data Common
22%
that may violate privacy and Very Common
17%
data protection regulations
10%
Proofpoint, Inc. Proprietary and Confidential ©2010 16
17. Risky Content in IM and Social Media
0% 5% 10% 15% 20% 25% 30% 35% 40%
36%
22%
Adult, obscene, or potentially
23%
offensive content
13%
7%
32%
25%
Confidential or proprietary business
22%
information about your organization
13%
8%
33%
Valuable intellectual property or 26%
trade secrets that should not 20%
leave the organization 12%
9%
34%
Personal healthcare, financial 21% Almost Never
or identity data
20% Less Common
that may violate privacy and
17% Neutral
data protection regulations
9% Common
Very Common
Proofpoint, Inc. Proprietary and Confidential ©2010 17
18. Importance of Reducing
Outbound Email Risks in the Next 12 Months
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
37%
43%
Very important 20%
23%
33%
31%
Important 36%
46%
16%
13%
Somewhat important 27%
19%
3%
3%
Somewhat unimportant 5%
4%
8%
8% Overall (n=261)
Very unimportant 5% 1000-5000 employees (n=190)
8%
5001-20,000 employees (n=45)
2%
1% >20,000 employees (n=26)
Unimportant 7%
0%
1%
1%
Don’t know 0%
0%
Proofpoint, Inc. Proprietary and Confidential ©2010 18
19. Importance of Reducing
Outbound HTTP Risks in the Next 12 Months
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
30%
33%
Very important 18%
23%
37%
37%
Important 42%
31%
19%
17%
Somewhat important 22%
31%
6%
5%
Somewhat unimportant 9%
4%
2%
1% Overall (n=261)
Unimportant 2% 1000-5000 employees (n=190)
4%
5001-20,000 employees (n=45)
7%
6% >20,000 employees (n=26)
Very unimportant 7%
8%
0%
1%
Don’t know 0%
0%
Proofpoint, Inc. Proprietary and Confidential ©2010 19
20. Agenda
About Proofpoint and Our 2010 Survey
Frequency of Data Loss/Exposure Events
Risky Content in Email and Social Media
Policies and Enforcement Actions
• Prohibited activities
• Adoption of acceptable use and other policies
• Discipline and termination for policy violations
How do Companies Reduce
Outbound Email and Web Risks?
Proofpoint, Inc. Proprietary and Confidential ©2010 20
21. Prohibited Activities
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
63%
Prohibit use of P2P 58%
file-sharing sites 80%
81%
53%
53%
Prohibit use of Facebook 63%
38%
53%
Prohibit use of media-sharing 49%
sites (e.g., YouTube) 60%
67%
49%
47%
Prohibit use of Twitter 60%
38%
40%
Prohibit use of personal 40%
Webmail 43% Overall (n=261)
33%
1000-5000 employees (n=190)
39% 5001-20,000 employees (n=45)
Prohibit personal use 40% >20,000 employees (n=26)
of the Web 35%
38%
Prohibit personal use of 38%
42%
corporate email during 28%
company time 24%
31%
32%
Prohibit use of LinkedIn 38%
10%
Proofpoint, Inc. Proprietary and Confidential ©2010 21
22. Adoption of Acceptable Use Policies
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
94%
94%
Acceptable use policy for email
96%
92%
Web surfing policy 86%
focused on 85%
potential time wasted 91%
by employees 85%
83%
Web surfing policy 82%
focused on
89%
potential data loss
81%
81%
83%
Social networking policy
73%
81%
80%
Acceptable use policy for blog 82%
and/or message board postings 73%
73%
Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 22
23. Additional Email Policies
Is Your Organization at Risk?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
86%
85%
Email retention policy
89%
92%
82%
85%
Acceptable encryption policy
80%
65%
80%
80%
Automatically forwarded
email policy 79%
83%
Overall (n=261) 1000-5000 employees (n=190) 5001-20,000 employees (n=45) >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 23
24. Formal Policy Training
Are Employees Equipped to Understand Your Policies?
0% 10% 20% 30% 40% 50% 60% 70%
55%
Conducted a formal training 58%
about the organization's
email security policies 60%
31%
42%
Conducted a formal training 45%
about external regulations
that apply email use 42%
15%
31%
Conducted a formal training 38% Overall (n=261)
about Web/social media security
and acceptable use policies 16% 1000-5000 employees (n=190)
5001-20,000 employees (n=45)
12%
>20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 24
25. Discipline & Termination:
Email & Blog Violations
0% 10% 20% 30% 40% 50% 60% 70%
50%
Disciplined an employee for 52%
violating email policy 38%
58%
20%
Terminated an employee for 21%
violating email policy 11%
Overall (n=261)
31%
1000-5000 employees (n=190)
5001-20,000 employees (n=45)
24%
Disciplined an employee for 26%
violating blog/message board policy 16%
19%
11%
Terminated an employee for 13%
violating blog/message board policy 4%
12%
Proofpoint, Inc. Proprietary and Confidential ©2010 25
26. Discipline & Termination:
Media Sharing & Social Media
0% 10% 20% 30% 40% 50% 60% 70%
21%
Disciplined an employee for 23%
violating media sharing/posting policy 16%
15%
9%
Terminated an employee for 10%
violating media sharing/posting policy 7%
Overall (n=261)
8%
1000-5000 employees (n=190)
5001-20,000 employees (n=45)
20%
Disciplined an employee for 22%
violating social networking policy 11%
15%
7%
Terminated an employee for 9%
violating social networking policy 0%
8%
Proofpoint, Inc. Proprietary and Confidential ©2010 26
27. Agenda
About Proofpoint and Our 2010 Survey
Frequency of Data Loss/Exposure Events
Risky Content in Email and Social Media
Policies and Enforcement Actions
How do Companies Reduce
Outbound Email and Web Risks?
• Manual processes and technology adoption
• The economy and data loss risk
• SaaS and email security investment priorities
Proofpoint, Inc. Proprietary and Confidential ©2010 27
28. Reducing Data Loss Risks:
Manual Processes
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
37%
38%
Employ staff that monitors outbound email content
29%
38%
33%
Overall (n=261)
34% 1000-5000 employees (n=190)
Employ staff whose primary or exclusive job function
is to read or otherwise analyze outbound email content 5001-20,000 employees (n=45)
23%
>20,000 employees (n=26)
38%
48%
51%
Perform regular audits of outbound email content
36%
48%
Proofpoint, Inc. Proprietary and Confidential ©2010 28
29. Poll #2
Are there employees in your organization
tasked with reading or analyzing the
contents of outbound email?
• Yes
• Yes – and that person is me
• No
• Don’t know
Proofpoint, Inc. Proprietary and Confidential ©2010 29
30. Reducing Data Loss Risks:
Outbound Email Scanning Technologies
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
40%
Technology solution that detects 44%
protected health information in outbound email 27%
38%
39%
Technology solution that detects private personal 40%
or financial information in outbound email 33% Overall (n=261)
46% 1000-5000 employees (n=190)
5001-20,000 employees (n=45)
42% >20,000 employees (n=26)
Technology solution for automatic encryption 43%
of messages based on content & policies 41%
38%
36%
Technology solution for detecting 39%
intellectual property in outbound email 22%
38%
Proofpoint, Inc. Proprietary and Confidential ©2010 30
31. Reducing Data Loss Risks:
Web Monitoring, Archiving, Outbound Spam
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
39%
43%
Technology solution for monitoring content
in webmail and other HTTP traffic
27%
38%
54%
Overall (n=261)
55% 1000-5000 employees (n=190)
Technology solution for email archiving 5001-20,000 employees (n=45)
52%
>20,000 employees (n=26)
48%
65%
63%
Technology solution for detecting
spam or malware in outbound email
60%
85%
Proofpoint, Inc. Proprietary and Confidential ©2010 31
32. The Economy Continues to
Have a Negative Impact on Data Protection
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
58%
Budget constraints have negatively
59%
impacted my organization’s ability
to protect confidential, proprietary 59%
or sensitive information
50%
53%
IT staff reductions have negatively
54%
impacted my organization's ability
to protect confidential, proprietary 51%
and sensitive data
50%
48%
Increasing number of layoffs in 51% Overall (n=261)
my organization has created an 1000-5000 employees (n=190)
increased risk of data leakage 44%
5001-20,000 employees (n=45)
36% >20,000 employees (n=26)
Proofpoint, Inc. Proprietary and Confidential ©2010 32
33. Do SaaS and Cloud Computing
Increase Data Loss Risks?
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
49% Overall (n=261)
The trend toward using SaaS and 1000-5000 employees (n=190)
49%
cloud computing solutions in the 5001-20,000 employees (n=45)
enterprise seriously increases the
50% >20,000 employees (n=26)
risk of data leakage
44%
31% of companies have a SaaS messaging system
52% say they have deployed a SaaS solution for inbound email
scanning
• Additional 17% will “definitely” do so in the future
• Additional 18% “might”
31% say they have deployed a SaaS solution for outbound
DLP/compliance scanning
• Additional 19% will “definitely” do so in the future
• Additional 17% “might”
Proofpoint, Inc. Proprietary and Confidential ©2010 33
34. Email Security Investment Priorities
Over the Next 12 Months
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
32%
36%
Improving the ability to manage
21%
eDiscovery in email 7%
3%
Improving the ability to prevent 30%
36%
sensitive content from leaving the
20%
organization through email 8%
in an unauthorized manner 7%
41%
25%
Improving malware detection
21%
and prevention 9%
4%
35%
30%
Improving spam filtering 23%
7%
5%
25%
Improving the ability to manage 38%
eDiscovery for non-email 24%
electronic content 8% Very High Priority
5%
High Priority
25% Neutral
33%
Improving employee self-service Low Priority
26%
to archived email 8% Very Low Priority
8%
Proofpoint, Inc. Proprietary and Confidential ©2010 34
35. Q&A / Next Steps
Attend a Live Proofpoint Demo Session
Thursdays at 2:00 pm ET / 11:00 am PT
Register today at www.proofpoint.com/livedemo
For questions or more information contact us at:
webinars@proofpoint.com, 408-517-4710
proofpoint.com/facebook
proofpoint.com/twitter
blog.proofpoint.com
Proofpoint, Inc. Proprietary and Confidential ©2010 35
36. Webinar Survey
Enter to Win a Netbook!
We value your opinion.
Attendees of today’s webinar who complete the survey
at the end of the presentation (within 10 minutes) will
be entered to win a Netbook!
Proofpoint, Inc. Proprietary and Confidential ©2010 36