Varonis says latest ICO research should act as a wake-up call to IT security professionals

London, (PresseBox) - Commenting on research from the Information Commissioner's Office ICO advising that businesses are waking up to their data protection responsibilities, Varonis says that IT security professionals need to be aware of the dangers that their data - and in particular, unstructured data - now pose their organisations.



According to David Gibson, director of technical services with the data governance specialist, the ICO's research shows that, while three quarters of businesses know that the (Data Protection Act) DPA requires them to keep their data secure, less than half believe that organisations process their data in a fair and proper manner.

"This tells us that there is a significant gulf between what firms say they believe, and the reality. The reality, of course, is that few businesses have the access control processes or audit capabilities to prove that they are in complete control of their data, and are therefore risking a breach of the DPA," he said.

"The problem facing IT professionals is a potentially major one, as research has shown that 80 per cent of data in major organisations is unstructured, making the task of knowing who is doing what, when and where with that data all the more difficult," he added.

And perhaps more importantly from the ICO's perspective, Gibson went on to say, proving that you know what is happening to your company's unstructured data is also a lot more difficult-if there are few preventive or detective controls in place there is very little evidence to present. As an example, evidence that a file share is controlled might include a record of the last time access was reviewed on that share, who reviewed it, what decisions they made, and who has accessed which files in the share since the review. Very few organisations have these controls in place today.

That's not to say that the task of auditing and securing unstructured data is impossible, he adds, noting that unstructured data is information that either does not have a pre-defined data model and/or does not fit well into relational tables.

Unstructured information, says the Varonis' director of technical services, like spread sheets, presentations, and word processing documents are typically text heavy and often contain personal information. Unstructured data is less predictable that structured data stores (databases), where personal information is likely to be in a designated field. Databases also often have controls and auditing built-in, whereas the native controls on unstructured repositories are usually unavailable or consume too many resources to enable.

"While we welcome the media exposure that the ICO's latest research into data protection creates, we think it still raises more questions than it answers. People should also note that the ICO also has a vested interest in all of this, as it is still the gatekeeper for everyone's data," he added.

"Companies and their IT staff need to wake up and smell the coffee. All data now has a value to someone, and some data has a much higher value than the rest. The real question for most organisations is what systems they have in place to audit their data accesses - and how these systems will be assessed and interpreted by the ICO in the event that a data breach does occur."

For more on Varonis: www.varonis.com
For more on the ICO's research: http://bit.ly/oX3yJj

Varonis Deutschland

Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,000 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel

Varonis, the Varonis logo, DatAdvantage and DataPrivilege are registered trademarks of Varonis Systems in the United States and/or other countries and Data Classification Framework and Metadata Framework are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

Press releases you might also be interested in

Weitere Informationen zum Thema "Software":

Open Telekom Cloud jetzt auch als Hybrid Solution

Die Open Te­le­kom Cloud gibt es ab so­fort auch in der Kon­s­tel­la­ti­on ei­ner Hy­brid Cloud und bie­tet da­mit bei Be­darf noch mehr Si­cher­heit und Ge­schwin­dig­keit. Bis­her gab es die Re­chen- und Spei­cher­ka­pa­zi­tä­ten aus­sch­ließ­lich als Pu­b­lic Cloud aus den zer­ti­fi­zier­ten hoch­si­che­ren Twin-Re­chen­zen­t­ren der Te­le­kom in Bie­re und Mag­de­burg in Sach­sen-An­halt.

Weiterlesen

Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.


I want to subscribe to the gratis press mail and have read and accepted the conditions.