Today’s evolving online threat landscape is challenging enterprises to make changes that will enhance their security. The threat of a data breach, for instance, is leading many organizations to invest in measures that will help protect their data. Even so, what intelligence is guiding these decisions remains uncertain. It is therefore an opportune moment to learn how and – to what extent – companies are using data security intelligence to minimize the possibility of a data breach, not to mention other risks that threaten their sensitive and confidential information. Fortunately, it was this purpose that motivated the publication of The State of Data Security Intelligence, a report sponsored by software development company Informatica and conducted by the Ponemon Institute. In total, 1,663 IT security practitioners located in 18 countries, working in a variety of industry sectors were interviewed for the report. Their responses have yielded three key findings with respect to how organizations are using data security intelligence.
IT Professionals Are Most Concerned About Data’s Location and Risk
Knowing the location and risk to sensitive data on premise and in the cloud is critical, reveals the report. Survey respondents were asked to name four factors that keep them up at night. Of the 13 answers that were ultimately listed, not knowing the location of and not understanding the risk posed to sensitive information garnered the greatest percentage of agreement at 64 percent and 52 percent, respectively, in North America. Respondents based in Europe and the rest of the world (ROW) also voted these same factors as their most serious worries. Whereas Europeans gave data location and risk a lower percentage valuation, ROW security professionals placed even greater emphasis on the two factors than their North American counterparts, at 67 percent and 54 percent, respectively.
To explore these fears in greater depth, respondents were asked about what percentage of data they thought to be at risk. According to their answers, about 24 percent of sensitive information stored on premises and 34 percent of data stored in the cloud is considered to be at risk of a security incident. These figures notwithstanding, their responses also yielded the finding that nearly one-third of data stored on site and half of the information located in the cloud cannot be assessed for risks—a serious concern for 80 percent of those who answered.
Data Stored in the Cloud Is More At Risk Than Information On Site
Another key finding of The State of Data Security Intelligence is that data located in the cloud is associated with greater risks than that which is stored on premises.
This finding applies to IT professionals’ ability to both assess and respond to risk. Whereas 43 percent of respondents reported that their organizations have implemented common processes to assess risk in data stored on premises, less than a third (30 percent) said the same of information located in the cloud. The disparity is even larger with respect to mitigating the risk of insider threats: 70 percent of respondents answered that they are able to track individuals’ use of sensitive information on site, whereas only 29 percent of respondents said they were able to do so in the cloud. Despite these threats, only 22 percent stated that there was little risk that employees, contractors and temporary workers might have too much access to sensitive data. Overall, the survey revealed that a majority of IT professionals (52 percent) are more comfortable assessing and responding to risks associated with data located on premises than information stored in the cloud. The same can be said for the rest of the world in terms of data risks that cannot be determined, as well as the availability of common processes that IT security personnel can use to analyze data for risks.
Most IT Pros Are Not Confident In Their Ability To Detect A Breach
The third and final key finding of The State of Data Security Intelligence reveals that a majority of IT professionals are not confident in their organizations’ ability to detect a breach in time. In fact, only 21% of respondents stated that their organization would be able to detect an incident. This is despite the fact that 55% of respondents said that their organizations had experienced a breach in the past 12 months.
In their minds, however, these figures could have been lower if additional resources had been made available to them. Nearly three-quarters of respondents (70 percent) believe that having more effective data risks assessment and intelligence technologies could have helped them avoid a major incident. More than half (59 percent) of IT professionals felt the same way about more skilled personnel with data security responsibilities.
Conclusion
Data security intelligence is a crucial asset when it comes to protecting companies’ sensitive information. But as The State of Data Security Intelligence reveals, many enterprises do not know their data’s risk and location, lack effective and common processes that can protect information stored in the cloud and on location, and have not invested in resources that could help detect a breach. Title image courtesy of ShutterStock
