Data Migration a Security Threat: Varonis

Organizations are potentially exposing themselves to data breaches during migrations, and many don't have confidence their data is secure, according to a Varonis survey.

While 95 percent of organizations move data at least once per year, 65 percent of companies said they are not confident sensitive data is protected during a migration, according to an August survey of C-level IT executives conducted by data governance software specialist Varonis Systems. The survey found 96 percent of respondents reported concerns when performing data migrations, with many leaving their data overexposed and vulnerable. The results suggest a growing data security problem that could affect the vast number of businesses performing data migrations and consolidations.

Organizations most commonly move data from one file server to another or to network attached storage (NAS) (80 percent), between domains (44 percent) and from file shares to SharePoint (40 percent). Two-thirds of organizations report that they usually move more than 1TB of data at a time, for a variety of reasons, including infrastructure upgrades and organizational changes such as a merger or acquisition. On the security side, 35 percent of those surveyed reported that they were very confident sensitive data would only be accessible to the right people during a migration.

“The survey underscores that maintaining who has access to what is an ongoing problem for organizations. The scale of the problem that organizations face when moving terabytes of data may be surprising, as a typical terabyte contains about 50,000 folders, and of those folders about 5 percent, or 2,500 folders, have unique permissions,” David Gibson, Varonis vice president of strategy, said in a prepared statement. “An average access control list (ACL) contains three to five security groups, and a typical group contains anywhere from five to 50 users, as well as other groups that contain even more users and groups. Let’s say each access control list represents 5 minutes of work to re-create—that’s over 200 hours of work per terabyte of data moved.”

About one-third of respondents described themselves as being very confident that sensitive data will be accessible to the correct people during a move, but only 20 percent reported that maintaining permissions is not an issue. Seventeen percent of respondents reported it as a significant issue, 49 percent reported it as a slight-to-moderate issue and a worrying 14 percent said they are aware of the issue but have not addressed it.

“Data and domain migrations are a big part of IT’s day-to-day activities. Organizations already face challenges maintaining availability, data integrity and confidentiality during a migration, not to mention identifying the data that should be moved and who it belongs to,” the report concluded. “With no slowdown in data growth in sight, IT organizations should anticipate that more migrations and archival projects will need to fit into their already busy schedules.”

Data security fears are also affecting adoption of cloud services, an earlier Varonis report found. That survey revealed that while 80 percent of companies do not allow their employees to use cloud-based file synchronization services, 70 percent of companies would use these services if they were as robust as internal tools. Because of fears of data leakage, security breaches and compliance issues, only 20 percent of survey respondents said they currently allow file synchronization technology services.