To rewrite an old adage, “Those with the most data win the business.” Information lets you know your customer, collaborate with partners, and get things done. Security, on the other hand, may be a stumbling block to getting things done.
In fact, 40 percent of organizations report that they have lost business because employees lacked access to data critical to closing a sale, according to research conducted by Voltage Security at last month’s RSA San Francisco security conference. Worse, even more (46 percent) reported that they have bypassed security controls to get to sensitive data needed to get their jobs done.
The potential cost of these workarounds is staggering. A data loss event has the potential to cost millions in expenses, involving detection, escalation, notification, and response in the wake of a breach; legal, investigative, and administrative expenses; customer defections; opportunity loss; reputation management costs; and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
Ponemon’s fifth annual “U.S. Cost of a Data Breach Study,” published in December 2012, estimates that “data breach incidents cost U.S. companies $204 per compromised customer record in 2009.” In short, even a midsized breach could put a smaller organization out of business.
The problem, interestingly, is not one of awareness. Nearly all employees polled by Voltage (85 percent) reported that they believe that security adds value to the business. Four out of ten, however, say that that same valuable security limits their ability to move around data.
Currently, organizations don’t have enough control over sensitive data, according to the study, which surveyed 300 IT professionals. Forty percent of respondents reported that they would not notice if sensitive data was not secured.
Clearly, the average organization needs to work to better balance the need to secure data and the need for sharing that same data readily. More than half of respondents reported they had access to financial, customer, or human resources information that wasn’t necessary for them to do their jobs.
Dave Anderson, senior director, marketing, at Voltage Security, offered IFSEC Global some advice on how to create a strategy that provides both availability for company employees and security for corporate data. He offered three keys to success:
- Protect the data, not the container. Rather than focusing on securing the database, device, server, or data storage media, organizations need to create a data security strategy that focuses on the data itself. “It is important to remember that you are securing and protecting the data wherever it moves across the environment,” Anderson told us. “You need to ensure data is protected 100 percent from the moment it is created to the moment it is consumed and deleted.”
- Go single-vendor, rather than best-of-breed. Too often, organizations cobble together a data security solution that includes encryption, tokenization, and data making, each from a different vendor. “Piecing together point solution frameworks doesn’t work, and is difficult and costly to do. In the end, they still have gaps and exposures you can’t close.”
- Implement strategic and comprehensive data protection. Consider all data types, including both structured and unstructured data, spread across the entire infrastructure. Don’t neglect legacy and mainframe systems or fail to consider data stored in the cloud or on mobile devices. “You have to have the ability to integrate data, regardless of source and how it is being used,” said Anderson.
Of course, every organization is different and so has to work to understand its own business. A combination of a strong data security policy, consistent employee training, and tools and technologies that secure the critical data in the organization are the first steps to closing the gap between security and data availability.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
I think we’ve been seeing this problem since the very beginning of retail sales. If a store doesn’t open it’s doors on time customers go elsewhere. If an online store goes down customers go elsewhere. Very few people who are shopping online will just accept that an online retailer is down and come back the next day to shop, they will go to the next store that has what they want.
I have to say as a consumer if I am on the edge of a potential purchase and want to know specific information then yes I can easily be pushed away by a representative that doesnt know anything about the product or service. When you are left with questions then it makes room for more questions and doubt. I think the part of the article that spoke to me most was the number that circumvent security to get sensitive information to complete a sale. If there is a way around to access that information then it needs to either be… Read more »
Great article Hailey. I have seen security implementations effect working capabilities for end users in my line of work. It may be frustrating for them and it is even more frustrating for us. Fortunately, our security department is very active in ironing out these flaws before they hit production. Security should never hinder productivity. As for consolidating vendors, my company is currently doing this for our mobile solution among other things. We would rather have a company that does everything well, then does a few things great and doesn’t touch upon other things that we need done. This will help… Read more »
@Mike Clauss, yes…retail is a great example. I think it’s even a broader issue than that though. Salespeople wihtin a traditional organization need data about sales or customer habits in order ot make a solid argument for example. Today, data drives organizations–and those with the most data, that use it creatively, are certianly likely to win.
That’s the scariest part, Jonathan….I think what drives it is not ill will or ill intent, but really the drive for getting things done over and above any other value. People are being pushed to increase the speed of business and they work around obstacles without thinking about the broader implications of doing that.
Interesting, Ryan… I’d be interested in knowing who is driving the conversation and decision making around what’s important and how to get there? What’s the role of IT in it?
This will help our company with pricing, compatibility issues, and hopefully cut down on business loss.
@Ryan Howell, thanks for sharing your experience. I am curious to know if any analysis on pricing was done before your company opted for singer vendor approach ? And what was the key parameters based on which the vendor was selected ?
Very few people who are shopping online will just accept that an online retailer is down and come back the next day to shop
@Mike Clauss, very true. If the online store goes down, then this creates a negative impression about that store on the customers mind. Customers usually hesitate to share their credit/debit card details with such stores because they feel the store is not trustworthy.
Hailey, I believe that it is a dual effort beween IT and the healthcare professionals on whats important. Many meetings are put together to discuss the ongoings and what is most crucial when it comes to having one company provide multiple services. I think it comes down to what effects the hospital most in terms of productivity. Currently, we have set out a gameplan that has a set timespan of 2 years. This is to make sure nothing is overlooked and the end user is provided with the best possible situation. The role of IT for this endeavor, is that… Read more »
If you are a small site this is especially difficult to overcome. An Amazon might get someone to return later but if you don’t have that kind of presence on the internet a single incident where a user can’t access your site will often result in them never coming back. I think a lot of smaller sites fail for this reason, since the internet has less personal interaction building customer confidence is huge.
On the note of sales people, I do have to say that one of the most tragic things that can happen to your sales team is having a presentation that is tech heavy go bad. I’ve had that happen where a sales call went south and without their regular tools the sales guy seemed lost. In this case though an offline backup in the form of a presentation stored locally or paper presentation is usually good enough to get through the issue.
@Ryan Howell, thanks for the glimpse into your world… i suspect that healthcare organizations are particuarly used to these conversations since they are regularly under compliance demands. Interesting stuff.