Ignoring Security Harms Data Management

Threats—both internal and external—must be taken seriously to protect your data from unwanted access.

(Featured image credit)

 

Heterogeneous data as a threat

Ponemon Institute surveyed 870 IT professionals and found “nearly 70% feel that access to their unstructured data by employees is very often unwarranted.” Furthermore, 84% admit this data “is accessible by people with no business need for access.”

The problem usually lies in the way unstructured data is spread across the organization’s knowledge management systems, corporate applications (CRM / ERP systems), databases, files, etc., and the lack of a clear vision of how it should be consolidated. Recent Gartner research supports this with the figures of as much as 80 percent of actual or potentially mission-critical enterprise information taking the form of unstructured or semi-structured data.

So, you are at the stage where you’ve already realized that your company lives and thrives on data (research, development data, customer private data, contact list, spreadsheets / tables, etc.). You work so hard and do everything you can to keep your data clean and consolidated, and once you finally have the system that delivers quality at hand, you realize that your data isn’t exactly safe. Bummer! Today, when information is as valuable as it is and companies cannot afford having it stolen, lost, or disclosed, information security becomes the critical element and basically the driving force in most business processes.

 

Internal vulnerabilities

All potential threats can be divided into external or internal ones. External threats include unauthorized programs (such as worms, Trojan viruses, spy programs, etc.), and there is really no universal solution that would protect your company from all types of threats, that’s why there are so many specialized tools taking care of each particular problem. However, it’s the internal threats that usually make companies most vulnerable.

A recent Forrester survey of 305 security and e-mail professionals revealed some scary but realistic statistics:

1 in 3 companies investigated a breach of confidential data last year.
1 in 4 companies experienced an “embarrassing” leak of confidential information.
1 in 5 e-mails contains a legal, financial, or regulatory risk.

Here, two of the most probable scenarios of information security violation are:

  • the deliberate theft of confidential data by authorized users (or so-called insiders)
  • unintentional leak that can be caused by a number of factors (lack of awareness about company’s security policies, for instance)

When creating an information security system, developers try to extend its functionality to the maximum so as it would ensure extensive protection. Even operation systems today contain security features designed to increase an enterprise’s safety level. But this “universality” is unacceptable when speaking of valuable data. A universal security system becomes useless in corporate networks, where internal threats prevail (whether intentionally or not).

 

A possible solution

Ways out? Again, an integrated approach. This article on EbizQ.net suggests Data Loss Prevention (DLP) technologies as a way of securing your most valuable asset and creating transparency by enabling companies to monitor and track the whole data flow. Come to think of it, transparency is the key to creating a healthy and productive environment. Even in data integration systems, transparency is a neccessity, allowing you to see where your sensitive data is going, how it’s being transformed and saved, and how secure it is during these transactions. Transparency is another global asset that needs to be integrated into the corporate system o values.

Tools to address vulnerabilities (Image credit)

You could say, of course, that transparency is just another vague notion (like total security and clean data), perfection hard to achieve, especially for the old market players with established processes. Hard, yes, but not impossible. It’s something to go for. In the end, when your transparency efforts deliver security, it’s your company that will benefit.

So, looks like get transparency equals get security now. Keep in mind, like with anything that has to do with data cleansing, integration, and migration, the right security technology eventually comes in handy.

 

Further reading

 


The post is written by Alena Semeshko and Alex Khizhniak.

  •  
  •  
  •