Data Security Survey by Informatica, Scale Ventures and Ponemon
When it comes to sensitive data, what you don’t know will hurt you; and ignorance is not bliss.
Informatica, Scale Ventures and Ponemon Institute concluded their survey on data security, titled “Data Breaches and Sensitive Data Risk”.
This follows Informatica’s report last year on “The State of Data Intelligence”. The survey reveals considerable anxiety around sensitive data (the ultimate target of virtually all breaches): organizations lack the understanding, intelligence and focus needed for effective security planning, compliance, investments and controls. It also shows that most respondents expect data breaches to grow and to be the primary concern for 2016.
This begs the question: How are organizations prioritizing security investments on data and network security today? Moreover, do organizations have the processes and tools in place to assess their sensitive data and the risk it poses to the organization? Are we relying on old manual processes that have limited effectiveness? The survey answers these questions and more, and will help you clarify the importance of data security intelligence and controls for your organization.
The survey represents a worldwide cross section of industries, IT and security executives, line of business management and data and security professionals. Key findings:
- First, asked whether they know the risk of all their sensitive data, only 12% said yes for structured data, only 7% for cloud and only 5% for big data. While organizations may have some understanding of risk based on applications and siloed solutions, a precise understanding of global risk is not known. As the report concludes, this increases the concern that data breaches will occur: “The consequence of not knowing the risk makes a data breach the top security concern for companies represented in this research.” Moreover, organizations do not have the tools and processes to support the analysis of sensitive data risk. 54% of organizations reported they had no schedule for sensitive data risk assessment, and 64% relied on homegrown tools to discover and assess sensitive data risk.
- Second, organizations reported that they do not have structured methods for risk reporting; 61% said they had no defined metrics. Conversely, only 9% of organizations cited metrics and reporting as a top priority over the next 3-5 years. Undoubtedly the pressure will increase for organizations to track security metrics, given that 65% reported that they believe the risk of a data breach will increase over the next 12 months.
- Third, as reported in last year’s Data Security Intelligence Informatica-Ponemon report, many organizations have not deployed data security controls. Surprisingly, only 39% of reporting organizations cited the use of data masking. Data loss prevention has climbed modestly to 50%, but only 25% are monitoring the access and activity of sensitive data. Given the severity of 2015 breaches and the myriad of regulations and privacy laws calling for the encryption, tracking and de-identification of sensitive data, these statistics indicate that most sensitive data is open to inside and outside attacks, as well as privacy law violations.
With growing data proliferation from outsourcing, analytics, cloud and big data, organizations should assume that data will be compromised. With the combination of Data Security Intelligence, data masking, encryption and other technologies, organizations can reduce their sensitive data risk from attacks and reduce the likelihood of privacy violations. This survey provides strong evidence that organizations need to take the guesswork out of security planning and prioritization by understanding data risk and applying both data controls and network security controls where the data presents the most risk to the organization.