Research reveals breakdown in UK businesses data security practices

Published: Wednesday, 01 July 2015 07:17

New Ponemon research, highlighting that UK businesses are unable to determine the risk to 58 percent of the confidential data stored in the cloud and 28 percent of the sensitive information held on premise, has been published.

The study, supported by Informatica Corporation, explored how UK organizations are approaching data security, and reveals that businesses are failing to identify sensitive or confidential information.

Less than half (45 percent) have a common process in place for discovering and classifying the sensitive or confidential data on premise and only a quarter have a process in place for data in the cloud.

As information continues to proliferate, not knowing where sensitive or confidential data resides is one of the biggest concerns for 55 percent of IT and IT security practitioners.

Data growth renders manual processes, custom tools and surveys obsolete for developing an accurate and actionable picture of the sensitive data at risk within organizations. As a result, organizations are relying on automated solutions to help them discover sensitive or confidential data and assess the risk. On average, 46 percent are using such tools for data on premise and 34 percent for data in the cloud.

“As the research shows, the majority of organizations do not have a handle on their sensitive data, regardless of whether it exists on premise or in the cloud. However, because businesses have less confidence in their understanding of sensitive data then they perceive more risk,” said Amit Walia, senior vice president and general manager, Data Integration and Security, Informatica. “To reduce threat exposure and improve breach resiliency, organizations need to invest in data centric security technologies, which enable businesses to enact the need-to-know data access policies that help limit the exposure of sensitive data.”

The research also reveals that if an organization does not know what sensitive data it has on premise, then it is highly unlikely that it will understand what it has moved to the cloud for platform or application services.

Overall, 30 percent of the sensitive or confidential data located in the cloud is believed to be at risk.

Despite respondents being more concerned about data security in the cloud than they are about data on-premise, only 32 percent of organizations have a common process for assessing the threats, creating a blind spot in security.

Overall, 54 percent of respondents admit they are not confident in their ability to proactively respond to a new threat in the cloud highlighting that data growth and proliferation from, and within, the cloud raises security and privacy risks if not carefully understood and managed. In contrast, 28 percent of the sensitive or confidential data located on premise is deemed to be at risk and 42 percent of businesses have a common process for accessing the threats, with 55 percent claiming that they are confident in their ability to proactively respond to a new threat.

“The survey highlights that whilst organizations continue to fear cyberattacks, what really keeps them up at night is the unknown. Namely not knowing where data is and the associated risk to it,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Whilst businesses are more confident about having data on premise, the shift towards cloud computing is continuing to accelerate and organizations can’t afford to be held back by data security concerns. Instead, security practitioners need to get a handle on the classification of data so that they can feel more confident about the information that they are moving to the cloud. Regardless of whether information is held on premise or in the cloud, data governance protocols should be the same. ”

The survey of 118 UK IT and IT security professionals with responsibility for data protection was completed by the Ponemon Institute as part of the annual 2015 State of Data Security Intelligence study sponsored by Informatica.

www.informatica.com