Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Data protection lessons not being learned

A survey conducted by Varonis has found that 70 percent of organizations storing third party data are not ‘very confident’ that the sensitive data stored within their organization is protected. With 80 percent of organizations surveyed storing sensitive information from customers, clients, vendors and business partners, rather disconcertingly over half were only ‘fairly confident’ that it is protected. Nearly one fifth were ‘not confident at all’ that sensitive data is protected and a surprising 5 percent were left ‘unsure’.

This means that the majority of organizations in this study are failing to comply with Sarbanes-Oxley, the UK Data Protection Act 1988 and the EU Data Directive on Privacy.

David Gibson, Director of Strategy for Varonis, explains: “It’s worrying that so many companies are still complacent when it comes to data protection. It means that these organizations would have some serious questions to answer should they suffer a breach. In fact, regulators such as the SEC, ICO and EU would likely deem that they had failed in their obligation to provide appropriate security protection to prevent sensitive data breaches and impose a hefty financial penalty. It’s really not rocket science, if you’ve got sensitive data and you’re not very confident that it’s adequately protected you need to take action.”

When looking at the difference between organizations, of those who claimed to be very confident that their data was protected, 60 percent were very confident that they know where their sensitive data is stored. Over 40 percent monitor all actual access activity and assign owners to all folders and intranet sites. Additionally, 65 percent review and revoke permissions– 45 percent do so regularly, so not just when someone leaves the organization.

Unsurprisingly, those who are not confident that the data within their organizations is protected do not know where their data is stored (10 percent do), do not monitor all data access (0 percent do), do not have owners assigned for all data (3 percent do), and less regularly review and revoke access.

For an infographic showing highlights of the research and a pdf of the full results click here.

•Date: 20th April 2012 • World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here