IT Security Pros Clueless About Location of Sensitive Data
Organizations are in the dark about their sensitive data. That's a key takeaway from a new report by data integration software provider Informatica.
The report, "The State of Data Centric Security," was conducted by the Ponemon Institute, and surveyed over 1,500 IT and IT security professionals worldwide.
The top concern of IT security professionals: not knowing the location of sensitive or private data. This was a higher concern than even hacker attacks, malicious employees and compliance issues. Only 15 percent of the surveyed organizations knew where all of their most sensitive structured data lived, 24 percent have no idea where any of it is, and only seven percent knew the location of sensitive unstructured data, such as in e-mails and documents.
'Time Is Ripe'
Larry Ponemon, the chairman and founder of the institute, said in a statement that "the time is ripe for a wider adoption of the technologies and expertise to make data-centric security an priority."
The report also said that automated, sensitive data-discovery tools can help to reduce risk and increase the effectiveness of security. Informatica, as one might expect, provides such a tool, Informatica Secure@Source, which automates the discovery, analytic and visualization of sensitive data location, risk and proliferation.
Only 40 percent of respondents use an automated solution that can discover the locations and relationships of sensitive and private data. Twenty-two percent use it for finding sensitive data in e-mails and files, but almost 75 percent said they would benefit from such a solution.
More than half are not sleeping well, at least in a figurative sense, because of this situation. Fifty-seven percent said "not knowing where sensitive data resides keeps them up at night." But other issues are also depriving IT personnel of their shut-eye. Fifty-one percent cite migration to new mobile platforms as a sleep robber, 50 percent mention temporary worker and contractor mistakes, and 42 percent point to outsourcer management.
Intelligent Data Platform
Clearly, this report highlights the need for sleeping pills or sleep therapy in addition to automated tools for finding sensitive data.
In May, the company released its Intelligent Data Platform at its Informatica World 2014 conference in Las Vegas.
The platform is not yet a finished product, but it is being presented as a vision that is being developed as "a combination of existing Informatica platform capabilities and new product initiatives, some of which are in early beta testing." The company said some of its platform capabilities will be available as packaged offerings and reference architecture by the end of this year.
There are three components to this platform. A data intelligence layer delivers self-service data for businesses, collecting metadata, semantic data and usage information. It also analyzes the metadata and makes recommendations that help users make decisions. A second component, the data infrastructure, offers clean and connected data. And a data engine, such as Informatica's Vibe, aggregates and manages data. Use cases include finding useful data without IT, as well as for data-centric security involving the Secure@Source application.
Secure@Source complements existing security operations, but it also finds all instances of sensitive data, visualizes the risk and maps the risk so the data can be secured. Functions can include creation of a "data risk heat map," monitoring in real-time of data usage patterns, and protection based on a data risk index that is tied to compliance regulations and data policies.
Posted: 2014-07-10 @ 7:24pm PT
@Phyllis: We appreciate the correction and have fixed that typo. Thanks for the catch!
Posted: 2014-07-10 @ 7:08pm PT
I think that you ought to change "there" to "their" in the top of your story.