14 September 2006

Corporate Data Policy: How good is your Inventory Management?

Stewards of corporate data have little or no understanding of where their data is located. Not only that, customer and consumer information was ranked as less important to protect from theft or loss of confidentiality than intellectual property and sensitive business information in this survey from the Ponemon Institute.

Vontu and Ponemon Institute conducted the first U.S. Survey: Confidential Data at Risk to better understand the nature and extent of issues that occur because companies do not have adequate control over the storage of sensitive or confidential data at rest. Our independently conducted survey queried 484 respondents who are employed in corporate IT departments within U.S.-based business or governmental organizations.

The survey focused on the following four issues:

1. How pervasive is the problem of unprotected confidential data at rest?

2. How do information security practitioners locate sensitive or confidential business information that resides (somewhere) within their organization’s IT infrastructure?

3. What technologies, practices and procedures are employed by organizations to locate and control sensitive or confidential data at rest on peripheral or temporary devices such as laptops, PDAs and memory sticks?

4. What are the issues, challenges and possible impediments to effectively locating unprotected sensitive or confidential data residing on peripheral or temporary devices?


When will customers and consumers demand that their information be given the same priority as an organization's own trade secrets? In most cases, an organization will not devote resources to the confidentiality, integrity or availability of customer data unless it is demanded by regulators, laws and auditors.

Not until a state Attorney General or the SEC begins an investigation do companies realize that they are way behind in the process of identifying where their data is and where it is unsecured or exposed to the possibility of being modified, destroyed or stolen.

The four types of data considered to be most at risk in an organization are intellectual property, business confidential information, customer and consumer data, and employee data. It is interesting to note that most respondents believe the most serious kinds of data breaches involve the loss or theft of intellectual property and business confidential information.

Customer and consumer data and employee data are ranked third and fourth, respectively. The types of intellectual properties believed to be most at risk include electronic spreadsheets, competitive intelligence and source code.


Companies like Vontu are well positioned to provide some of the tools to assist organizations in protecting their valuable corporate information assets. Privacy of consumer information should not have to be legislated if an organization has an effective Governance Execution Strategy. Execution of the information inventory is in many cases left up to internal employees in the IT department. Being continually understaffed and fighting fires prevents the systematic and consistent execution of day-to-day change controls, and thereby leads to a widening exposure of vulnerable data considered valuable to the company or the consumer.

When it comes to lost or stolen laptops, servers, and backup tapes, the age-old saying about an "Ounce of prevention…" applies more than ever. Implementing Data Loss Prevention has become a best practice in Fortune 1000 companies that are building strategies and processes to reduce the risk associated with lost or stolen laptops, servers, and backup tapes.
