We like to think that companies and other organizations protect the data they have in their systems. Particularly if it is data about us. Instances of hacking and identify theft are rising, so the concern is justified.
But a recent survey of over 1500 companies and IT security specialists conducted by the Ponemon Institute shows that "Only 15 percent of the surveyed organizations knew where all of their most sensitive structured data lived, 24 percent have no idea where any of it is, and only seven percent knew the location of sensitive unstructured data, such as in e-mails and documents."
The difference between structured data and unstructured data is crucial. Structured data tends to live in more secure environments, such as relational database systems, which on their own are not particularly secure but at least tend to have good security management systems that can be implemented. Unstructured data tends to reside in insecure systems, such as email applications. documents can be anywhere. Moreover, unstructured data tends to wander around more often into various devices.
This is one of the problems companies have. The proliferation of mobile devices and their ability to import and hold data means that this is where sensitive data often resides.
The answer is to adopt data centric security. That means building security around the data rather than/in addition to around the applications that exist in a company, which is the traditional approach.
Under a proper data centric security system, the companies would trace their data, encrypt it, ensure that it only goes where it is safe and control access to it all along the way. There are numerous data centric security systems available, but none are a panacea. Finding that data is difficult. But knowing where it might go is critical to good security.
No comments:
Post a Comment