Companies are securing the perimeter but failing to protect data from insiders

Nearly half of professionals across a broad range of industries have taken data with them—anything from documents and lists to sales proposals and contracts—when they’ve left a job. According to the global ‘Information Security Survey on Internal Threats,’ users don’t see their company’s IT security practices as obstacles to accessing data outside of their organization, with many employees taking company information when they change jobs. Additionally, the survey identifies inefficient business processes used when employees share sensitive electronic information with other co-workers or external partners.

The recent survey, conducted by online survey services provider Zoomerang and commissioned by enterprise rights management leader Liquid Machines, validates anecdotal evidence that corporations are not doing enough to control access to sensitive electronic information. The research showed that some 45 percent of respondents have taken data with them when they’ve left a job. While some have simply e-mailed data to a personal address, in many cases, they’ve had the ability to take vast amounts of data with them right from their desktops via peripheral storage devices. Eighty-seven percent of those surveyed are allowed to use flash drives, while 69 percent can use external hard drives. Even MP3 devices, in use by 46 percent of respondents, can be used as external hard drives.

“Companies remove employees’ physical access to the office and network, but are not expiring access to sensitive documents, files and e-mails that leave the enterprise,” said Mike Ruffolo, CEO of Liquid Machines. “With inside threats posing such an obvious risk to the business, CIOs must implement solutions that add protection and control directly to the electronic information, expiring access to sensitive information regardless of where it exists – inside or outside of the enterprise network.”

Perimeters are safe; what lies inside may not be
Information security is inherently the exercise of a defensive mindset riddled with a healthy sense of paranoia. Traditionally, the solution has been to defend the perimeter from ‘the bad guys’ and rely on end users to participate in the process, with the hopes that they will accept a few inconveniences for the common good.

However, the findings of this survey show that the greatest security problems may be at a more fundamental level than the network’s perimeter—the real problems may be with the information held within the networks, at the document level. The network perimeters may be safe, but most end users are accessing and sharing information in potentially dangerous ways; are taking information with them when they leave jobs; and are wary of where information may end up when forwarding documents electronically.

Employees turn to inefficient means of protecting electronic information
With the laissez-faire attitude among many of the respondents about the portability of data from one job to another, many employees are wary of their co-workers’ and partners’ use of sensitive information—to the point that 39 percent of respondents have printed a document to prevent it from being forwarded electronically.

More than half the respondents believe the competition is stealing their intellectual property (IP)
With so many admitting to taking data with them when they leave jobs, it’s no surprise that 53 percent of respondents believe their company’s IP is being used by the competition. Among manufacturing employees, a whopping 71 percent believe their competition has used its intellectual property; technology employees agree with this statement 63 percent of the time.

Nearly a third of respondents believe more than half of their company’s data is at risk
Despite concerns around IP theft, 32 percent of respondents believe that more than half of their company’s data would be at risk if it escaped the network or confines of their office. Technology (43 percent) and manufacturing (39 percent) employees believe their companies’ risks are greatest.

Nearly half of respondents believe the security is lacking
Some 42 percent of respondents believe that security in place at their companies is non-existent, not strong enough, the wrong type of security or too restrictive. By industry, a full 50 percent of manufacturing employees fall into this camp, as do 48 percent of those working in technology.

More than 900 professionals in a wide range of industries completed the survey over a one-month period earlier in 2007. A Research Brief providing detailed information on the findings is available at www.liquidmachines.com/infosecuritysurvey

•Date: 18th May 2007 • Region: World •Type: Article •Topic: ISM
Rate this article or make a comment - click here