Corporate data loss can cost organisations €2.7 million in revenue and fines, according to Quest Software survey

Quest offers best practices on identity and access management to prevent exposure of business-critical data due to poor employee information-sharing habits

 

• 69% of CIOs say that organisations and employees should take greater responsibility for how business critical information is shared, stored and managed

• 65% of IT decision-makers believe that employees share information in a manner most convenient to them, and do not fully understand their role in ensuring corporate data is protected

• In the past 12 to 18 months, HR information (30%), customer data (25%) and financial information (23%) has been exposed outside of the business

MAIDENHEAD, UK, 12^th December 2012 – Use of consumer devices in the workplace, geographically dispersed teams, and the prevalence of social networks all are having a dramatic impact on the way people share corporate information, which is raising serious concerns around data security. Quest Software, now a part of Dell, recently commissioned Vanson Bourne to survey CIOs in the UK, France and Germany, and found that current information security policies are failing to protect business-critical information, as identity and access management processes have not been updated to meet changing employee needs, leaving businesses exposed to risk.

In addition, the research found that 65% of European CIOs believe that employees share corporate data in the fastest and easiest way, regularly bypassing IT policy, and feeling little accountability for protecting critical company information. 69% also agree that organisations and employees should take greater responsibility for how corporate data is shared, stored and managed. Due to the significant security, financial and reputational risks of losing information, identity and access management is a priority for more than three quarters of European organisations in 2013 (76%). Quest offers best practice advice to address the following security issues:

• Increased security breaches

European CIOs say that personnel (42%), customer (33%) and HR information (31%) are some of the most shared data on social networks and third party websites. In the past 12 – 18 months, HR (30%), customer (25%), and financial information (23%) has been exposed outside of the business, due to ineffective identity and access management. For organisations that have experienced these data breaches, 33% agreed that the company had lost customer trust, and 32% believed their corporate reputation had been damaged.

• Decreased productivity

98% of CIOs also agreed that poor identity and access management makes employees use third party sites as ‘work-arounds’ when storing and sharing information, which can inhibit collaboration and productivity. 31% of CIOs said that over the past 12-18 months, employees have been stuck for prolonged periods of time without access to information they need to do their jobs.

• Securing systems

62% of CIOs have faced increasing pressure over the past 12 months to protect company data due to the increasing news stories around how organisations are losing corporate data. Organisations are experiencing the most pressure from internal legal teams (41%), CEOs (40%), and Regulators (33%).

 

Best practice

Solutions such as Quest One Identity Solutions offer a complete set of capabilities, providing comprehensive controls in a flexible, modular architecture suited to address a full range of security concerns, and avoid the risks posed by poor identity and access management practices. CIOs can get more peace of mind by following these best practice guidelines:

• Focus on Education – For the majority of today’s information security threats, prevention and mitigation lie in education, diligence, and processes – supported by technology where appropriate – that enforce strong passwords (which are changed regularly).

• Adopt a “least privilege” security posture – Give each employee the least privilege necessary to accomplish required tasks and ensure that unnecessary access rights are revoked whenever an employee changes roles.

• Embrace an access review policy – Provide regular, automated access alerts that notify two or more administrators of access changes, employee changes or other critical issues.

• Achieve compliance – Implement access control and separation of duties practices and technologies, and develop, implement and enforce secure policy on all system access.

For more information on Quest One, please visit – http://www.quest.com/identity-management.

Quotes:

Phil Allen, information security expert (EMEA), Quest Software

“We are seeing many organisations grapple with the consequences of ineffective information and access governance policies, including increased security breaches, decreased productivity and rising costs. European CIOs estimate that failure to protect customer data can cost €2.7 million in revenue loss and fines; however, the impact on corporate reputation is more damaging. Security systems have not been implemented with tech-savvy employees in mind. People therefore resort to the easiest way of sharing corporate data, and many do so without thinking about the consequences. This begs the question: Will employees eventually be contractually held accountable for corporate data breaches?”

“As the guardians of information, CIOs need to rethink how they deliver IT services and tools to employees, in order to offer a better service which meets both the end-user and business requirements, whilst not introducing unnecessary risk. IT leaders also need to better educate employees about the risks of sharing corporate data on vulnerable channel.”

 

Martin Kuppinger, Founder and Principal Analyst, KuppingerCole

 

“Identity and Access Management/Governance is going to be one of the fastest-growing areas over the next few years, as CIOs look to ensure they are compliant and not taking unnecessary security risks when opening up the organisation’s infrastructure for Cloud and Mobile computing. The business demand for onboarding of business partners is another push for implementing an agile IAM/IAG infrastructure. Such an infrastructure ensures readiness when auditors begin to clamp down hard on organisations that don’t take full measures to protect corporate data. The result of not having IAM/IAG in place as a cornerstone of Information Stewardship can be extremely damaging, regardless of how large or small the incident.”