Most IT Pros Don't Know Where All Corporate Data Resides

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Two recent surveys have found that while the vast majority of IT professionals feel an overwhelming sense of personal responsibility to protect corporate data, very few of them know with any confidence where that data resides.

A survey of more than 1,500 IT and IT security professionals, conducted by the Ponemon Institute and sponsored by Informatica, found that only 16 percent of respondents know where all of their sensitive structured data resides -- and just seven percent know the location of all of their sensitive unstructured data, including data in emails and documents.

Fully 57 percent of respondents say not knowing where sensitive data resides keeps them up at night.

Just 26 percent of respondents say they're confident in their ability to detect a data breach involving structured data, and only 12 percent are confident in their ability to detect a breach involving unstructured data.

"The majority of respondents agree that not knowing the location of data poses a serious security threat," Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement. "Clearly, the time is ripe for a wider adoption of the technologies and expertise to make data-centric security an enterprise priority."

Ponemon told SC Magazine that the sheer volume of data often provides a serious challenge. "The increase in data from all sources increases the risk of data breach and other privacy-related snafus for organizations," he said. "Mobile devices, mobile workforce and employees' use of insecure cloud apps further exacerbate this risk."

Organizations should take four key steps to mitigate that threat, Ponemon said: determine the location of information assets, create a governance process that prioritizes information based on its importance, invest in technologies that help IT gain visibility over the information lifecycle, and establish metrics to ensure that the risk of data loss or theft is being successfully mitigated.

A separate survey of more than 100 IT professionals, conducted by Ipswitch, found that while 84 percent of respondents feel an overwhelming sense of personal responsibility to protect corporate information, 42 percent say their organization doesn't mandate methods for securely transferring corporate files.

The survey also found that 15 percent of respondents say that while their organization does have a process in place for securely transferring data, employees regularly work around it -- and 10 percent of respondent say file transfer methods have caused their organization to be out of compliance with regulations or corporate policy.

Eighteen percent of respondents say they've lost a critical file, 11 percent have spent more than an hour trying to retrieve the file, and 10 percent have lost the file forever.

"While it's great to see the responsibility employees feel for corporate information, I challenge businesses to look at the transfer of files as seriously as they do things like encryption and compliance -- especially as threats to those files become more prevalent across the extended enterprise," Ipswitch vice president of products and strategy Steve Hess said in a statement.