The study, exploring how UK organisations are approaching data security, reveals that businesses are failing to identify sensitive or confidential information.
· Less than half (45 per cent) have a common process in place for discovering and classifying the sensitive or confidential data on premise and only a quarter have a process in place for data in the cloud.
· As information continues to proliferate, not knowing where sensitive or confidential data resides is one of the biggest concerns for 55 per cent of IT and IT security practitioners.
· Data growth renders manual processes, custom tools and surveys obsolete for developing an accurate and actionable picture of the sensitive data at risk within organisations. As a result, organisations are relying on automated solutions to help them discover sensitive or confidential data and assess the risk.
· On average, 46 per cent are using such tools for data on premise and 34 per cent for data in the cloud.
“As the research shows, the majority of organisations do not have a handle on their sensitive data, regardless of whether it exists on premise or in the cloud. However, because businesses have less confidence in their understanding of sensitive data then they perceive more risk,” said Amit Walia, senior vice president and general manager, Data Integration and Security, Informatica. “To reduce threat exposure and improve breach resiliency, organisations need to invest in data centric security technologies, which enable businesses to enact the need-to-know data access policies that help limit the exposure of sensitive data.”
The research also reveals that if an organisation does not know what sensitive data it has on premise, then it is highly unlikely that it will understand what it has moved to the cloud for platform or application services.
· Overall, 30 per cent of the sensitive or confidential data located in the cloud is believed to be at risk.
· Despite respondents being more concerned about data security in the cloud than they are about data on-premise, only 32 per cent of organisations have a common process for assessing the threats, creating a blind spot in security.
· Overall, 54 per cent of respondents admit they are not confident in their ability to proactively respond to a new threat in the cloud highlighting that data growth and proliferation from, and within, the cloud raises security and privacy risks if not carefully understood and managed.
· In contrast, 28 per cent of the sensitive or confidential data located on premise is deemed to be at risk and 42 per cent of businesses have a common process for accessing the threats, with 55 per cent claiming that they are confident in their ability to proactively respond to a new threat.
“The survey highlights that whilst organisations continue to fear cyberattacks, what really keeps them up at night is the unknown. Namely not knowing where data is and the associated risk to it,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Whilst businesses are more confident about having data on premise, the shift towards cloud computing is continuing to accelerate and organisations can’t afford to be held back by data security concerns. Instead, security practitioners need to get a handle on the classification of data so that they can feel more confident about the information that they are moving to the cloud. Regardless of whether information is held on premise or in the cloud, data governance protocols should be the same. ”