Part 1 of 4 posts discussing the Ponemon Institute’s study on “The State of Data-Centric Security.”
In a recent study of over 1,500 global Information Technology (IT) and IT security practitioners, the Ponemon Institute provided a comprehensive view on the state of data security. This inside-out view of IT should be considered extremely valuable to executives looking to understand the current landscape and gain insight into IT operations.
Our analysis of the report highlights three critical principles that management in all industries must not only understand, but also proactively implement if they want to avoid significant risk exposure.
Over half of the organizations participating in the survey stated that a data breach had occurred in the past year. That staggering statistic is backed by data showing how these breaches could have been prevented.
At issue is the concept of building discipline into the system through effective policies, technologies, and training to support the secure sharing of data.
Invisible data threatens companies on a daily basis. This invisible data lives in cloud-based storage and collaboration solutions, on employees’ personal computers and mobile devices, and on third-party servers outside the purview of IT. As you can see in the graph below, the majority of IT practitioners agree that not knowing where sensitive data is or how to protect it presents a huge security concern.
The rise of invisible data is a result of advancing technology that makes it simple for employees to create copies of files when collaborating. By providing similar technology that is accessible to employees while also simple to use, the company can begin to rein in the growing threat.
Implementing tools that fill the largest security gaps should be a top executive priority this year. Note how respondents in the Ponemon study categorize the opportunity for improvement.
The goal is to remove as many compliance decisions from users as possible, forcing them to work within a secure system, but this must be balanced with user experience. By implementing a system that is both simple for employees to use and comprehensively compliant, IT and executive management can ensure adoption and long-term use of the system, thus eradicating major security risks and empowering employees to do more.