Varonis says latest ICO research should act as a wake-up call to IT security professionals
According to David Gibson, director of technical services with the data governance specialist, the ICO's research shows that, while three quarters of businesses know that the (Data Protection Act) DPA requires them to keep their data secure, less than half believe that organisations process their data in a fair and proper manner.
"This tells us that there is a significant gulf between what firms say they believe, and the reality. The reality, of course, is that few businesses have the access control processes or audit capabilities to prove that they are in complete control of their data, and are therefore risking a breach of the DPA," he said.
"The problem facing IT professionals is a potentially major one, as research has shown that 80 per cent of data in major organisations is unstructured, making the task of knowing who is doing what, when and where with that data all the more difficult," he added.
And perhaps more importantly from the ICO's perspective, Gibson went on to say, proving that you know what is happening to your company's unstructured data is also a lot more difficult-if there are few preventive or detective controls in place there is very little evidence to present. As an example, evidence that a file share is controlled might include a record of the last time access was reviewed on that share, who reviewed it, what decisions they made, and who has accessed which files in the share since the review. Very few organisations have these controls in place today.
That's not to say that the task of auditing and securing unstructured data is impossible, he adds, noting that unstructured data is information that either does not have a pre-defined data model and/or does not fit well into relational tables.
Unstructured information, says the Varonis' director of technical services, like spread sheets, presentations, and word processing documents are typically text heavy and often contain personal information. Unstructured data is less predictable that structured data stores (databases), where personal information is likely to be in a designated field. Databases also often have controls and auditing built-in, whereas the native controls on unstructured repositories are usually unavailable or consume too many resources to enable.
"While we welcome the media exposure that the ICO's latest research into data protection creates, we think it still raises more questions than it answers. People should also note that the ICO also has a vested interest in all of this, as it is still the gatekeeper for everyone's data," he added.
"Companies and their IT staff need to wake up and smell the coffee. All data now has a value to someone, and some data has a much higher value than the rest. The real question for most organisations is what systems they have in place to audit their data accesses - and how these systems will be assessed and interpreted by the ICO in the event that a data breach does occur."
For more on Varonis: www.varonis.com
For more on the ICO's research: http://bit.ly/oX3yJj
Varonis is the leader in unstructured and semi-structured data governance for file systems, SharePoint and NAS devices, and Exchange servers. Named a "Cool Vendor" in Risk Management and Compliance by Gartner and voted one of the "Fast 50 Reader Favorites" on FastCompany.com, Varonis has more than 4,000 installations worldwide. Based on patented technology and a highly accurate analytics engine, Varonis' solutions give organizations total visibility and control over their data, ensuring that only the right users have access to the right data at all times. Varonis is headquartered in New York, with regional offices in Europe, Asia and Latin America, and research and development offices in Hertzliya, Israel
Varonis, the Varonis logo, DatAdvantage and DataPrivilege are registered trademarks of Varonis Systems in the United States and/or other countries and Data Classification Framework and Metadata Framework are under a registration process in the United States and/or other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.
Press releases you might also be interested in
Weitere Informationen zum Thema "Software":
Open Telekom Cloud jetzt auch als Hybrid Solution
Die Open Telekom Cloud gibt es ab sofort auch in der Konstellation einer Hybrid Cloud und bietet damit bei Bedarf noch mehr Sicherheit und Geschwindigkeit. Bisher gab es die Rechen- und Speicherkapazitäten ausschließlich als Public Cloud aus den zertifizierten hochsicheren Twin-Rechenzentren der Telekom in Biere und Magdeburg in Sachsen-Anhalt.Weiterlesen