Guest Column | June 10, 2016

You Can't Lose What You Don't Have

Data loss prevention (DLP) gets a new edge with retention management.

By Dennis Chepurnov, Manager of Product Marketing, Lexmark Enterprise Software

Data loss is a rapidly growing area of risk for organizations, regardless of industry or sector. With enterprise data doubling every two years, and with new systems and devices entering the corporate information ecosystem each day, the prospect of the next breach becomes a question of when, not if.

While a handful of recent mega-breaches captured everyone’s attention last year, the reality is the problem is not isolated to mega corporations and is much more common with even average organizations losing tens of thousands of records each year.

The Cost Of Data Loss

Whether the exposure is unintentional or the result of malicious intent, the organization stands to incur substantial financial costs including customer remuneration (free credit monitoring services and promotional discounts on purchases), security consulting and remediation, and lost revenue due to customer defection and damaged brand reputation.

Ponemon Institute’s 2015 Cost of Data Breach study concludes the average cost per lost record for U.S. companies is around $217, with some industries including healthcare and education paying in the $300s. With the average number of records lost by U.S. companies in 2015 at around 28,000, the total average cost is more than $6.53 million.

The New Leverage

Traditional Data Loss Prevention (DLP) strategies focus on protecting information at several tiers including network, system, and user levels. From firewalls and intrusion detection systems to specialized DLP solutions, Corporate IT teams leverage a full arsenal of security tools to minimize the risk of accidental or intentional access to, copying, and distribution of sensitive information.

These tools a great, but wouldn’t it be even better if we could do more than just minimize the risk? How about completely eliminating it, at least for a subset of sensitive information?

In the normal course of business, large volumes of sensitive content enter your organization. These may be images of customer driver’s licenses and bank checks, or forms with credit card or social security numbers. While this information is needed temporarily for activities like opening a new account or completing a transaction, it then just sits among your other data, usually unmanaged, being a liability rather than an asset and creating active and unnecessary risk.

This is where your DLP efforts can get an unexpected boost from another enterprise practice — Enterprise Content Management (ECM). Modern ECM platforms like Perceptive Content from Lexmark help you create intelligent retention policies that allow you to actively manage the lifecycle of sensitive information. Retention policy management tools provide these key capabilities for enhancing your DLP practices:

  • time- and event-based policies
  • tracking of electronic and physical documents
  • automated destruction, holds and transfer of files

If you are not quite ready to destroy the content because you are mandated to hold on to it for a specified period of time, the Retention Policy Management tools can also automate the archival of this content to secure systems or locations.

As an added advantage, because the retention policies are managed digitally, you gain a complete audit trail, including certificates of destruction and chain of custody, which will save you time and simplify eDiscovery if your organization goes to litigation.

For today’s organizations, keeping all data forever no longer makes sense. Luckily, you can minimize the risk and protect your customer and vendor information by exercising active retention policy management.