Slideshow 9 Ways Your Corporate Data Access Controls May be Weak

Published
  • January 11 2015, 9:44pm EST
12 Images Total

9 Ways Your Corporate Data Access Controls May be Weak

A new survey by security research firm Ponemon Institute demonstrates the lack of control many corporations and other organizations across industries have over access to their data. The survey, sponsored by business data management and protection vendor Varonis, garnered responses from 2,276 employees in the United States, United Kingdom, Germany and France. Data accessing employees of companies accounted for 1,110 of the respondents and another 1,166 are IT practitioners working in IT operations or security. (Photo: Fotolia)

Big Vulnerabilities

“In the context of this research, both IT practitioners and end users are witnessing a lack of control over their organizations’ data and access to it, and the two groups generally concur that their organizations would overlook security risks before they would sacrifice productivity,” according to a report of survey results. “Employees are often left with needlessly excessive data access privileges and loose data-sharing policies. Compounding the risk, organizations are unable to determine what happened to data when it goes missing, indicating a lack of monitoring and further absence of controls.”

Content Continues Below


Ease of access

Seventy-one percent of end users say that they have access to company data they should not be able to see. Fifty-four percent characterize that access as frequent or very frequent. (Photo: Fotolia)

End users believe data protection oversight and controls are weak

Forty-seven percent of end users say the organization does not strictly enforce its policies against the misuse or unauthorized access of company data and 45 percent say they are more careful with company data than their supervisors or managers. Furthermore, only twenty-two percent of employees say their organization is able to tell them what happened to lost data, files or emails. (Photo: Fotolia)

Most IT practitioners agree on weak controls

Four in five IT practitioners (80 percent) say their organizations don’t enforce a strict least-privilege data model. Thirty-four percent say they don’t enforce any least-privilege data model.

Content Continues Below


End users and IT agree that data growth is hindering productivity more every day

Seventy-three percent of end users believe the growth of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data. (Photo: Fotolia)

Uncertainty about whether senior executives view data protection as a priority affects compliance with security policies

Only twenty-two percent of end users believe their organizations overall place a very high priority on data protection. About half (51 percent) of IT practitioners believe their CEO and other C-level executives consider data protection a high priority. (Photo: Fotolia)

IT practitioners say end users are likely to put critical data at risk

Seventy-three percent of IT practitioners say their department takes data protection very seriously. However, only 47 percent believe employees in their company take the necessary steps to make sure confidential data is secure. Thus, IT departments know end user security risks exist but think they are limited in what they can do about it. (Photo: Fotolia)

Content Continues Below


End users think it is okay to transfer confidential documents to potentially unsecure devices

Seventy-six percent of end users say there are times when it is acceptable to transfer work documents to their personal computer, tablet, smart phone and even the public cloud. Only 13 percent of IT practitioners agree. (Photo: Fotolia)

End users and IT practitioners do not think their organization would accept diminished productivity to prevent the risk to critical data

Fifty-five percent of end users say their company’s efforts to tighten security have a major impact on their productivity. Only 27 percent of IT practitioners say their organization would accept diminished productivity to prevent the loss or theft of critical data. (Photo: Fotolia)

End users and IT agree that employees are unknowingly the most likely to be responsible for the leakage of company data

Sixty-four percent of end users and fifty-nine percent of IT practitioners believe that insiders are unknowingly the most likely to be the cause of leakage of company data. And only forty-six percent of IT practitioners say employees in their organizations take appropriate steps to protect the company data they access. (Photo: Fotolia)

Content Continues Below


The free full report, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” is available here. (Photo: Fotolia)