Loss Of Sensitive Data Remains Top CIO Concern

by CXOtoday News Desk    Sep 20, 2016

Seclore careers

While digital technologies have unlocked enormous productivity gains and helped businesses boost the bottom line, there’s also a growing risk of significant data loss, a chunk of them being sensitive organizational data. This is a top concern of CIOs and CISOs, according to a recent study.

The Enterprise Strategy Group (ESG) research study conducted by IT company Seclore has come up with some interesting findings. While 98% of respondents cited the loss of sensitive data as a top or significant concern, many believe it is very or somewhat likely that sensitive data had been lost or accessed inappropriately in the last 12 months. Commonly stated reasons for data loss include, emails inadvertently sent to the wrong person (67%), unauthorized access (64%) and lost portable storage devices (61%).

New sets of challenges

Loss of information due to human error continues to be a concern, but CIOs must also work to prevent theft: 56% of respondents said it’s very or somewhat likely that files had been stolen by partners, contractors or customers (with 28% saying it’s very likely), as well as 58% saying the same about files being stolen by employeesand malicious software (60%).

According to the study, IT faces a new set of challenges and requirements particularly when protecting sensitive data assets. “The need to collaborate with third parties makes file sharing a common occurrence, which can also pose as a security threat if information is accessed by an unauthorized party. In fact, 34% of respondents noted that 26 to 50% of their employees regularly share files with individuals external to their organizations. Other challenges include hybrid IT, the rise of the mobile workforce and shadow IT applications,” the study noted.

EFSS is quickly gaining parity as one in a variety of solutions used for sending, sharing and collaborating: Organizations are quickly adopting Enterprise File Sync and Share (EFSS) services as a means to share information, with 75% of respondents noting that EFSS is used frequently to share files with others and 54% noting that their end-users use two to three authorized and unauthorized file sharing services. While EFSS is a highly popular method for sending documents, traditional methods of sharing files are still frequently utilized. Portable storage devices (60%), FTP (58%), and email (79%) are also reported to be used for collaboration by respondents’ organizations. The ability to persistently secure any file type across all sharing methods, devices, and storage locations is paramount.

Besides, external collaboration, including collaboration enabled by Enterprise File Sync and Share (EFSS) services, is likely driving investment in EDRM: 47% of respondents indicated that they have already deployed an EDRM solution and 37 percent said they are committed to doing so in the next 12 to 24 months. The trend towards increased adoption of EFSS, and the external collaboration that it enables, is likely the primary reason.

The study finds that first-generation EDRM systems are not an effective approach to persistently securing information: 69% of those who already employed EDRM reported current plans for refreshing or augmenting their existing solutions and an additional 27% are stating their intention to do so in the next 12 months. Three of the top four most-cited perceived challenges of EDRM solutions stated by all respondents was their inability to integrate with existing systems, difficult policy management for IT and difficult utilization for end-users due to agent requirements.

Planning security architecture

A next-generation EDRM solution, based on the results of the ESG research, can best be characterized as having increased breadth and depth in usage controls and types of files that can be protected, the ability to integrate with other applications to automate protection, and browser-based access for ease of use.

Vishal Gupta, the CEO of Seclore concluded with some important pointers towards which organizations can certainly start paying attention to, saying,  ”In order to stay competitive, organizations must embrace key business agility drivers, such as mobility, outsourcing, file-sharing, and cloud-based systems, but also must acknowledge how these factors open up organizations to unnecessary security risks that can cause devastating repercussions. Next-generation data-centric security solutions are a critical piece to a strategically planned security architecture as they go beyond the perimeter and ensure that sensitive data is controlled, no matter where it travels or is stored.” 

The research titled ‘Securing Information in the Age of External Collaboration’ included inputs from 200 individuals who are senior IT and security professionals, who have influence over purchase decisions, which in turn highlights the need for organizations to have the necessary technologies in place to ensure policies travel with sensitive data wherever and however it is shared.