Part 2 of 4 posts discussing the Ponemon Institute’s study on “The State of Data-Centric Security.”
It’s never been easier to move data from one place to another. Powerful mobile devices and faster Internet connections have led to the rapid exchange of information. But this convenience comes with consequences for Information Technology managers.
In a recent study of over 1,500 global IT and IT security practitioners, the Ponemon Institute has put the challenge into perspective and revealed that IT pros are well aware of the problem at hand.
Top reasons IT professionals list for data insecurity
The rapid rise of insecure cloud-based storage and collaboration services has led to vast quantities of company data migrating to the cloud. In an unapproved and often porous system, the security implications of some cloud solutions are obvious: When corporate files live in someone else’s storage solution, they are vulnerable.
Bring Your Own Device (BYOD) policies are also proliferating. While new concepts like BYOD can save company money and time, they can also create new issues by allowing and even encouraging sensitive company data to live on employees’ personal devices.
Smartphone apps are getting easier to use, including collaboration and approval tools designed to make life easier for the end user. The temptation to use simple solutions is strong when time-starved employees need to ferry multiple documents with large file sizes for review, comment, and signature.
What IT professionals are doing about it
Understanding how smart IT pros are handling the situation starts with understanding the biggest risk factors. By assembling a list of the weakest areas of security, it becomes much easier to plug the holes.
Selection and implementation of tools that encourage disciplined enforcement and forensics capabilities can fill a significant gap in the current security and compliance landscape, reducing risk across the organization. Solutions must also be simple for employees to use in order to increase the odds of mass adoption and long-term use, which are both necessary for mitigating security risks in a real way.