Survey Maps Enterprise Data Security Management Turmoil - And How to Stop It

  • Aug 23, 2007

RSA, The Security Division of EMC, recently announced the results of a survey commissioned by RSA entitled "The State of Data Security in North America." Conducted by Forrester Consulting, the survey results reveal that many businesses are still in a 'reactive mode' when deploying data security measures and often struggle with the challenge of creating and implementing planned strategies for data loss prevention. The report - which surveyed almost 200 organizations - also highlights the rising costs and technology implementation hindrances standing in the way of compliance with internal and regulatory policy mandates.

"Organizations are grappling with the 'data security dilemma': how to respond to specific regulatory mandates and pressing issues while laying out a holistic and sustainable strategy for data loss. Too often, the point-solutions being deployed today complicate and can potentially derail long-term efforts to get this right," said Dennis Hoffman, Vice President and General Manager, Data Security Group, and Chief Strategy Officer at RSA, The Security Division of EMC. "The survey demonstrates that securing data has become an information management process that cannot be addressed effectively through unrelated projects and products: that all data must first be identified and classified; that different controls will need to be applied to prevent the data's loss; and that the enterprise-wide management of those controls needs to be as efficient as possible."

Companies Need to Enable Safe Access to Data

The survey showed that the flexibility to make information readily available to partners, customers and distributed workers are top priorities for businesses today. Seventy-five percent of the respondents reported that access to data by remote employees is a top concern, followed next by demands for collaboration and data exchange with partners at sixty-nine percent, and consumer access at sixty-three percent.

Adhering to Internal Policies Considered Critical but Costly

Organizations are cognizant of the imperative to manage and control their data securely and appropriately - as prescribed in many legislative and industry mandates. In fact, sixty-two percent of respondents consider the enforcement of existing company policies on data to be their most pressing driver in ensuring that data is properly secured before it is shared and distributed. However, controlling the rising costs of ongoing compliance with those policies is becoming a burden, and thirty-three percent of the respondents - the majority response to this question - noted the operational costs of compliance are more significant than they would like them to be.

The research also revealed how many organizations have yet to determine what shape their policies should take - and how to implement them effectively:

• Fifty-five percent of respondents have data security policies that are either outdated or require significant changes to bring them in line with regulatory and company mandates • Twenty-seven percent indicated that the policy they have is rarely enforced

What is Holding Businesses Back

1. Knowing what data you have - and understanding its sensitivity Determining the scope of how to address company policy requirements starts with data classification - knowing what data is important and everywhere it is located.Data classification is essential to providing proper guidance for a data security strategy and ensuring focus on the most critical areas so that costs can be contained.
• Fifty-two percent of respondents listed data classification as a top priority; however, thirty-seven percent of respondents do not actually have a data classification policy

2. Using Appropriate Data Controls to Prevent Loss or Leakage Once companies have a data classification policy in place, the next step is to implement a control strategy to mitigate the associated risks to their data.Encryption is quickly becoming the de facto control technology for meeting data security requirements:
• Sixty-two percent of respondents intend to increase their encryption deployments and sixty-five percent plan to increase their overall spending on encryption • Fifty-two percent of respondents intend to increase spending on information leak prevention technology, another important control
• However, sixty-two percent of those surveyed either do not have an encryption policy or strategy at all, or consider their strategy to be incomplete as it only covers data at rest or data in transit, but not both. Implementing a strategy that addresses all aspects of a data security policy requires an enterprise-wide approach.However, this survey showed that seventy-eight percent of respondents do not always approach the adoption of encryption controls from an enterprise-wide perspective.Instead, they focus more on solving tactical operational problems increasing the operational costs of deploying and managing encryption controls.

3. Simplifying the Management of Data Controls In the survey, the biggest contributor cited to the rising costs and deficient rate of return on investment on encryption was the lack of enterprise-wide key management.The top three operational issues with encryption indicated by respondents were in the area of key management, and over fifty percent of respondents also noted that these operational problems have had a material impact on the business.Most organizations polled, fifty-three percent, still rely on manual processes to deal with key management issues. "The results of the survey indicate that a comprehensive and cost-effective approach to data security will help organizations construct manageable - and repeatable - data loss prevention processes," Hoffman continued."This framework will enable enterprises to fully exploit their information's value for business advantage." Methodology

In April 2007, RSA commissioned Forrester Consulting to survey North American organizations and ask them about their priorities and activities around data protection. In this online survey:

• Twenty percent of respondents were from companies of between 5,000 and 20,000 people, 21 percent were from organizations of greater than 20,000 employees.
• Twenty-nine percent of respondents were from organizations with revenues between $1 billion and $10 billion, and 17 percent had revenues of greater than $10 billion. • All respondents used encryption within their companies, and all respondents were involved with encryption policy within their company. • About half of respondents had titles of Chief Security Officer or Chief Information Security, CIO, IT Director, or VP of IT

The survey, "The State of Data Protection in North America," conducted by Forrester Consulting, can be found online at: http://www.rsa.com/solutions/financial/whitepapers/ForresterStateofDataSecurit yAugust07.pdf.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Surveillance Cameras Provide Peace of Mind for New Florida Homeowners

    Managing a large estate is never easy. Tack on 2 acres of property and keeping track of the comings and goings of family and visitors becomes nearly impossible. Needless to say, the new owner of a $10 million spec home in Florida was eager for a simple way to monitor and manage his 15,000-square-foot residence, 2,800-square-foot clubhouse and expansive outdoor areas. Read Now

  • Survey: 72% of CISOs Are Concerned Generative AI Solutions Could Result In Security Breach

    Metomic recently released its “2024 CISO Survey: Insights from the Security Leaders Keeping Critical Business Data Safe.” Metomic surveyed more than 400 Chief Information Security Officers (CISOs) from the U.S. and UK to gain deeper insights on the state of data security. The report includes survey findings on various cybersecurity issues, including security leaders’ top priorities and challenges, SaaS app usage across their organization, and biggest concerns with implementing generative AI solutions. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3