What’s keeping IT professionals awake at night?
Data storage, data access and data sharing.
Compliance, regulation and the unpredictable behaviour of employees have the biggest impact on data security, according to a new Concensus survey.
Commissioned by HANDD Business Solutions, the findings are launched alongside its new Advisory Paper – ‘Securing the Journey of Your Data’. This tackles the issue of data protection and provides organisations with an insight into the challenges and solutions associated with securing data on its journey through the company.
Rules and regulation
The survey of 304 IT professionals shows that 21% believe regulations, legislation and compliance will be one of the greatest business challenges to impact data security.
The General Data Protection Regulation (GDPR) is causing real concern among professionals in their bid to be compliant by the deadline, less than 12 months away. GDPR will not only raise the privacy bar for companies across the EU, but will also impose extra data protection burdens on them.
HANDD CEO and Co-Founder Ian Davin commented: “Companies must change their mindset and look at data, not as a fungible commodity, but as a valuable asset. Data is more valuable than a pot of gold, which puts companies in a challenging position as the stewards of that data. C-suite executives must understand the data protection challenges they face and implement a considered plan and methodical approach to protecting sensitive data.”
Worryingly, 41% assign the same level of security resources and spend for all company data, regardless of importance. Analysing and documenting the characteristics of each data item is a vital part of its journey through an organisation. A robust data classification system will see all data tagged with markers defining useful attributes. This includes sensitivity level or a retention requirement and ensuring that an organisation understands completely which data requires greater levels of protection.
“Many organisations have no insight into the data that they hold and so don’t understand which data is worth heavy investment and which isn’t so the reality is that they could be spending as much on securing the lunch menu as they are on securing their customers’ data,” explains Danny Maher, CTO at HANDD.
While 43% think that employees are an organisation’s greatest asset, more than a fifth (21%) believe the behaviour of employees and their reactions to social engineering attacks, which can trick them into sharing user credentials and sensitive data, also poses a big challenge to data security.
“Employees are probably your biggest asset, yet they are also your weakest link, and so raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation,” adds Danny Maher.
Storage is also a key problem area, with more than a third (35%) citing that ensuring data is stored securely as their biggest challenge and most likely to keep them awake at night. A data record’s classification will enable a company to make these decisions automatically and definitively, dictating its location and whether an encryption policy should apply.
Having stored data to comply with its security policy, a company must ensure that an access management system is in place. This system must understand roles and responsibilities and allow users to see only the information they need. In HANDD’s survey, less than half (45%) of IT professionals are confident they have an identity access management process in place that dictates different privileges for different users depending on their roles and responsibilities. A further 15% have no access management system in place at all.
Source: Origin Communications