Survey Maps Enterprise Data Security Management Turmoil - And How to Stop It

  • Aug 23, 2007

RSA, The Security Division of EMC, recently announced the results of a survey commissioned by RSA entitled "The State of Data Security in North America." Conducted by Forrester Consulting, the survey results reveal that many businesses are still in a 'reactive mode' when deploying data security measures and often struggle with the challenge of creating and implementing planned strategies for data loss prevention. The report - which surveyed almost 200 organizations - also highlights the rising costs and technology implementation hindrances standing in the way of compliance with internal and regulatory policy mandates.

"Organizations are grappling with the 'data security dilemma': how to respond to specific regulatory mandates and pressing issues while laying out a holistic and sustainable strategy for data loss. Too often, the point-solutions being deployed today complicate and can potentially derail long-term efforts to get this right," said Dennis Hoffman, Vice President and General Manager, Data Security Group, and Chief Strategy Officer at RSA, The Security Division of EMC. "The survey demonstrates that securing data has become an information management process that cannot be addressed effectively through unrelated projects and products: that all data must first be identified and classified; that different controls will need to be applied to prevent the data's loss; and that the enterprise-wide management of those controls needs to be as efficient as possible."

Companies Need to Enable Safe Access to Data

The survey showed that the flexibility to make information readily available to partners, customers and distributed workers are top priorities for businesses today. Seventy-five percent of the respondents reported that access to data by remote employees is a top concern, followed next by demands for collaboration and data exchange with partners at sixty-nine percent, and consumer access at sixty-three percent.

Adhering to Internal Policies Considered Critical but Costly

Organizations are cognizant of the imperative to manage and control their data securely and appropriately - as prescribed in many legislative and industry mandates. In fact, sixty-two percent of respondents consider the enforcement of existing company policies on data to be their most pressing driver in ensuring that data is properly secured before it is shared and distributed. However, controlling the rising costs of ongoing compliance with those policies is becoming a burden, and thirty-three percent of the respondents - the majority response to this question - noted the operational costs of compliance are more significant than they would like them to be.

The research also revealed how many organizations have yet to determine what shape their policies should take - and how to implement them effectively:

• Fifty-five percent of respondents have data security policies that are either outdated or require significant changes to bring them in line with regulatory and company mandates • Twenty-seven percent indicated that the policy they have is rarely enforced

What is Holding Businesses Back

1. Knowing what data you have - and understanding its sensitivity Determining the scope of how to address company policy requirements starts with data classification - knowing what data is important and everywhere it is located.Data classification is essential to providing proper guidance for a data security strategy and ensuring focus on the most critical areas so that costs can be contained.
• Fifty-two percent of respondents listed data classification as a top priority; however, thirty-seven percent of respondents do not actually have a data classification policy

2. Using Appropriate Data Controls to Prevent Loss or Leakage Once companies have a data classification policy in place, the next step is to implement a control strategy to mitigate the associated risks to their data.Encryption is quickly becoming the de facto control technology for meeting data security requirements:
• Sixty-two percent of respondents intend to increase their encryption deployments and sixty-five percent plan to increase their overall spending on encryption • Fifty-two percent of respondents intend to increase spending on information leak prevention technology, another important control
• However, sixty-two percent of those surveyed either do not have an encryption policy or strategy at all, or consider their strategy to be incomplete as it only covers data at rest or data in transit, but not both. Implementing a strategy that addresses all aspects of a data security policy requires an enterprise-wide approach.However, this survey showed that seventy-eight percent of respondents do not always approach the adoption of encryption controls from an enterprise-wide perspective.Instead, they focus more on solving tactical operational problems increasing the operational costs of deploying and managing encryption controls.

3. Simplifying the Management of Data Controls In the survey, the biggest contributor cited to the rising costs and deficient rate of return on investment on encryption was the lack of enterprise-wide key management.The top three operational issues with encryption indicated by respondents were in the area of key management, and over fifty percent of respondents also noted that these operational problems have had a material impact on the business.Most organizations polled, fifty-three percent, still rely on manual processes to deal with key management issues. "The results of the survey indicate that a comprehensive and cost-effective approach to data security will help organizations construct manageable - and repeatable - data loss prevention processes," Hoffman continued."This framework will enable enterprises to fully exploit their information's value for business advantage." Methodology

In April 2007, RSA commissioned Forrester Consulting to survey North American organizations and ask them about their priorities and activities around data protection. In this online survey:

• Twenty percent of respondents were from companies of between 5,000 and 20,000 people, 21 percent were from organizations of greater than 20,000 employees.
• Twenty-nine percent of respondents were from organizations with revenues between $1 billion and $10 billion, and 17 percent had revenues of greater than $10 billion. • All respondents used encryption within their companies, and all respondents were involved with encryption policy within their company. • About half of respondents had titles of Chief Security Officer or Chief Information Security, CIO, IT Director, or VP of IT

The survey, "The State of Data Protection in North America," conducted by Forrester Consulting, can be found online at: http://www.rsa.com/solutions/financial/whitepapers/ForresterStateofDataSecurit yAugust07.pdf.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”