Justifying the Cost of Data Protection Solutions
Justifying the cost of data protection solutions
Back to our original question: how does a company justify the cost of data protection solutions? In analyzing a regional hospital with 500 beds, 1,000 employees and 200 laptops, the hospital serves a population of 100,000 and has one laptop stolen every six months, on average.
If 1,000 patient records were located on the stolen laptop and the hospital had to notify each patient at a cost of $202 per record, the hospital would be better off paying $4,000 for the encryption of the laptops to avoid spending $202,000 on the disclosure.
As the workforce continues to rely and expand its use of mobile devices (that is, smartphones and laptops), opportunity for data leakage of sensitive information increases. Let's explore a real-life example: a business executive using his laptop from an airport lounge is communicating via Skype to his family and child's soccer team coach. He accidently attaches a customer list instead of the soccer team registration. An effective data protection system will warn and block the transfer.
This type of accident is fairly common. A recent report from the Ponemon Institute suggests that the most common breaches (64 percent) occur from company insiders. In its January 2009 study, they found more than 88 percent of all cases involved insider negligence.
A comprehensive data protection solution can lower these statistics in several ways. First, it can assist organizations in identifying sources of unsecured PHI and PI. For example, advanced discovery tools are capable of quickly locating sensitive data no matter where it resides on your system. Second, an effective data protection and leakage prevention system comes bundled with extensive, ready-to-use templates containing policies that will provide effective protection and encryption with little to no user intervention. The more automatic and transparent the system, the better.