Data Management Lacking, Putting Businesses at Risk: Varonis
Businesses are putting themselves at serious risk of data loss or data breaches because senior management doesnt know where company data is stored, a survey from data governance software specialist Varonis Systems indicated. In the survey of more than 400 companies, 67 percent of respondents said that senior management in their organizations either don't know where all company data resides or are not sure. In addition, 74 percent of organizations reported that they do not have a process for tracking which files have been placed on third-party cloud digital collaboration and storage services.
While 23 percent of respondents said they are developing a process for authorizing and reviewing access to cloud storage platforms, only 9 percent of respondents' companies actually have policies for that in place. This suggests that for the 68 percent of respondents with no plans in place or formal processes for granting and reviewing access, the majority of businesses data is up for grabs, as the report terms it.
The bring-your-own-device (BYOD) trend is also causing consternation among organizations, with a majority of respondents (57 percent) reporting that BYOD would be a more attractive option for their organizations if they could provide secure access to their internal file shares for collaboration. Overall, 78 percent of survey respondents said they would prefer to use their existing permissions and storage if they could provide collaboration and file-synchronization services similar to cloud-based services.
"The results clearly show a lack of control by those organizations that have adopted cloud file-sync services," David Gibson, vice president of strategy at Varonis, said in a press statement. "The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn't know where enterprise data is stored. This should act as a wake-up call for organizations to develop a conscious strategy to ensure secure collaboration as quickly as possible."
In response to the survey results, Gibson drew up a list of recommendations for secure collaboration, suggesting companies monitor access to all data, which could help identity data owners and identify unused data and abuse, and also identify data owners for each data set. Gibson said owners should then perform a preliminary entitlement review to see if data is safely and correctly stored and determine that no unauthorized users have access to that data.