BreachExchange mailing list archives

IT Struggles With Control of Enterprise Data


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 5 Nov 2014 19:42:49 -0700

http://www.eweek.com/enterprise-apps/it-struggles-with-control-of-enterprise-data.html

Enterprise leadership has buried its head in the sand regarding the risks
of ungoverned file sharing practices among their employees, according to
research conducted by the Ponemon Institute and sponsored by enterprise
file sharing and collaboration leader Intralinks.

Based on a survey administered to 1,100 IT professionals across three
countries (U.S., U.K. and Germany), half of these leaders said they are
themselves part of the problem, admitting they engage in fundamentally poor
behavior, and have failed to set up corporate policies or assign
accountability for data loss.

Just under half (49 percent) of respondents do not agree or are unsure they
have clear visibility into employees’ use of file sharing or file sync and
share applications.

Meanwhile, 61 percent of respondents confessed that they have "often or
frequently" shared files through unencrypted email accounts, failed to
delete confidential documents as required by policies, accidentally
forwarded files or documents to unauthorized individuals, or used personal
file-sharing/file sync-and-share apps in the workplace.

Less than half (46 percent) of respondents say the chief security officer
(CSO) and chief information officer (CIO) have ultimate authority and
responsibility for securing document collaboration and file-sharing
activities.

"Our research suggests that the relationship between the CSO and the CIO
can be very tense. CIOs are mainly focused on IT productivity. From their
perspective, dealing with security requirements is just a necessary evil,"
Larry Ponemon told eWEEK. "On the other hand, CSOs--and CISOs--are mainly
concerned with the security of data and IT infrastructure. At times, the
push for greater security creates operational problems for CIOs, especially
when security requirements are viewed as diminishing IT efficiency."

More than 26 percent of applications are being used by various business
functions without the IT department’s approval or knowledge.

Half of respondents said they do not agree or are unsure their
organizations have the ability to manage and control user access to
sensitive documents and how they are shared.

The majority of the organizations represented in the research have policies
for managing and controlling data sharing, but often these policies are not
being communicated to employees--more than half of respondents (52 percent)
say their organizations have a clear policy for the adoption and use of
cloud-based file sharing/file sync-and-share applications.

But less than half (46 percent) say their organizations have yearly
training programs on the risks of data loss and theft. In fact, 31 percent
of respondents say they are unsure if such training exists.

Only 9 percent of respondents said their organizations are certified and
fully compliant today with ISO 2700--the international standard for
process-based security.

Meanwhile, 50 percent of respondents say that more than half of their
organization’s documents containing sensitive or confidential information
are exchanged with third parties.

The survey also revealed almost one-third of respondents said more than half
of employees in their organizations regularly share files outside the
company or beyond the firewall. Sixteen percent could not even determine if
that had happened.

In addition, a number of unsafe practices are happening frequently or often
in the majority of organizations, including receiving files and documents
not intended for the recipient (60 percent) and ignoring policies and not
deleting confidential documents or files (61 percent).

The survey found 61 percent accidentally forward files or documents to
individuals not authorized to receive them and 62 percent accidentally sent
files or documents to unauthorized individuals outside the organization.

Fifty-four percent of respondents say the organization’s IT department is
involved in the adoption of new technologies for users such as cloud,
mobile and big data analytics.

However, their ability to control the risk of unsecured file sharing has
been diminished by the increasing influence of business units in how file
sharing and collaboration applications are used.

While 46 percent of respondents say the CISO and CIO have ultimate
authority and responsibility for securing document collaboration and
file-sharing activities, 21 percent say no one function has ultimate
authority.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
