News article

Posted by Andy Price PM | on Thu, 09/05/2013 - 12:27  2069

Bad news for CIOs: almost half of employees bypassing security

In news that certainly won't be music to the ears of the CIO, new research has found that as many as 46% of employees have admitted to bypassing security to get their jobs done.

This is despite the converse figure that 85% has said that security has added value to their company.

However, the significant figure that says their jobs have been hindered has led to many employees giving up, or trying to circumvent security systems.

While Voltage Security, who conducted the study has said this shows the need to strike a balance between data access and not compromising security, there were other worrying figures: only 29% of organisations would notice within seconds or minutes if sensitive data wasn't secured, whereas a huge 40% would never even notice.

Three steps to data protection

Dave Anderson, a senior director at Voltage has highlighted the damage that data loss can do - particularly to major organisations over 5,000 employees, such as the public sector. However, he did offer advice on protecting sensitive data, as well as his three steps to data protection.

"Security can, and should be, seamlessly integrated into current business processes, rather than stand-alone functions that enable employees to protect information at all times," said Anderson.

"Deploying a data-centric framework will enable companies to protect sensitive information at all times, while still allowing employees to access, use, and move the data within the enterprise as needed to perform their duties.”

Three considerations for data security:

1. Think about a data-security strategy, not a security strategy based on only protecting a device, server, tape, disk, or media. This helps ensure any sensitive data can be protected anywhere it moves, and any way it is used.

2. Focus on integrating the core data protection functions, including encryption, tokenisation and data masking capabilities, across a single vendor solution.  Individual point products that are not integrated can be difficult to deploy and manage, and this is often where control gaps are found. 

3. Implement data protection solutions that comprehensively protect all structured and unstructured data types across the entire IT infrastructure, including everything from legacy and mainframe, to data in the cloud and on mobile.  Only protecting a single data type or a limited number of applications can leave an organisation