Data is everywhere, being generated constantly and changing all the time. It's created every time you take a photo on a cell phone or camera, create a document, or input information into a database.
And with so much existing, and being created daily, it offers data hackers multiple opportunities to attempt (both unsuccessfully, and successfully) to steal this information and use it for their own nefarious means. The proliferation and size of removable devices also offers employees a way to copy sensitive data onto a USB stick for instance, and remove it from the company premises.
How is data stolen or moved offsite? Well, the obvious way is a hack of the network, but this in itself takes time, and if a company is watching the network traffic, they may come across suspicious activities and start investigating further. But this isn't always a given and if the company finds out after the information is out in the public sphere, the impact on reputation is massive.
Another way would be a disgruntled employee who makes use of external media to copy data onto, and then remove from the company premises. This is perhaps a much easier and less obtrusive method of getting hold of sensitive data and providing it to outside sources if required.
Another way is the use of applications such as Dropbox, OneDrive or even email to move data in and out of the company. This raises the question of "shadow IT" - IT processes not known to the company's IT department and being used by employees. Data is easily copied between the local PC and a cloud-based storage provider, or attached to an email and moved off, often after renaming the document.
So what is data protection? Simply put, it's the process of safeguarding important information from corruption, compromise or loss (thanks TechTarget.com). Essentially ensuring that the data held on your company's premises, or on a cloud provider, is never at risk of being stolen, deleted or removed.
For many companies, data protection involves backing up that data and not ensuring the flow of data is protected. For others, they either don't know about, or attach value to, the protection of data. Legislation that has been released world over the past 18-24 months will hold them liable for the protection of data, but knowledge remains low. But data loss of any kind will lead to punishment in the form of fines, reputational damage, or even lead to the closure of a company depending on the level of damage suffered.
For this, companies need to ensure they're doing everything they can, armed with the tools at their disposal, to do this. In the next article I will look at how to protect this data, and focus in Symantec's product, Data Loss Prevention.