Sensitive Data Protection Bedevils IT Security Pros


Most organizations don't know where their sensitive structured or unstructured data resides, says new Ponemon study.


Knowing where sensitive data is located on an organization's computer systems would seem a prerequisite for sound IT security, but the vast majority of IT security practitioners say they can't count even on that fundamental premise, according to a Ponemon Institute study released Tuesday.


Only 16% of respondents said they knew where their organization's sensitive structured data resides, according to the State of Data Centric Security study. A mere 7% of respondents said they know the location of all sensitive unstructured data, including in emails and documents.


Not knowing where their organization's sensitive or confidential data is located was the No. 1 worry of the IT security respondents, eclipsing both hacker attacks and insider threats, according to the study.


The study, which was sponsored by data integration software provider Informatica, is based on a survey of 1,587 IT security professionals whose jobs include helping protect sensitive or confidential structured and unstructured data.


[Critical infrastructure: Phishing Scam Targeted 75 US Airports.]

The study's purpose was to determine how organizations are responding to threats to the security of their structured and unstructured data. It revealed that they mainly rely on the classification of sensitive data to protect their data assets.


When asked what technologies their organization uses to protect its structured data assets, 68% of respondents said sensitive data classification and 62% identified application-level access controls.


One of the key findings of the study was that while data security remains a continuing threat for organizations, it is not given the attention it merits.


'What this study shows is that data protection procedures at most organizations are woefully insufficient, as sensitive and confidential data continues to proliferate beyond traditional IT perimeters,' said Larry Ponemon, the institute's chairman and founder.



Ponemon noted that while 79% of respondents agree that ignorance of sensitive data locations poses a serious security threat, only 51% believe that securing data is a high priority for their company.


The gap between the two suggests a lack of tools and resources, Ponemon said. 'Clearly, the time is ripe for a wider adoption of automated solutions that make it easier and more economical to make data-centric security an enterprise priority,' he said.


The study found that a clear majority of respondents (60%) said that their organizations are not using automated technologies to discover where sensitive or confidential data is located.


Of the 40% whose organizations are using automated tools, 64% said those tools are used to discover sensitive or confidential data located in databases and enterprise applications, but only 22% said they are used to uncover sensitive data in individual files and emails.


The most popular data security tools and capabilities are automated user access history with real-time monitoring and policy workflow automation, according to the survey.


A large majority of respondents were not confident in their ability to detect data breaches of either structured or unstructured data, the study found.


Twenty-six percent of respondents said they are confident in their ability to always detect a data breach involving structured data, while only 12% are as confident if the breach involves unstructured data.


When asked how a data breach might have been avoided, 58% of respondents said having more effective data security technologies in place, 57% cited more skilled data security personnel, and 54% said more automated processes and controls.


The best approach for organizations that are determined to discover all locations of their organizations' sensitive data is to procure a software tool that can automate the discovery, analytics, and visualization of sensitive data location and proliferation, according to the study.


'Automated sensitive data-discovery solutions are believed to reduce the risk to data and increase the security effectiveness,' the study said.


NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio


Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more