To rewrite an old adage, “Those with the most data win the business.” Information lets you know your customer, collaborate with partners, and get things done. Security, on the other hand, may be a stumbling block to getting things done.
In fact, 40 percent of organizations report that they have lost business because employees lacked access to data critical to closing a sale, according to research conducted by Voltage Security at last month’s RSA San Francisco security conference. Worse, even more (46 percent) reported that they have bypassed security controls to get to sensitive data needed to get their jobs done.
The potential cost of these workarounds is staggering. A data loss event has the potential to cost millions in expenses, involving detection, escalation, notification, and response in the wake of a breach; legal, investigative, and administrative expenses; customer defections; opportunity loss; reputation management costs; and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
Ponemon’s fifth annual “U.S. Cost of a Data Breach Study,” published in December 2012, estimates that “data breach incidents cost U.S. companies $204 per compromised customer record in 2009.” In short, even a midsized breach could put a smaller organization out of business.
The problem, interestingly, is not one of awareness. Nearly all employees polled by Voltage (85 percent) reported that they believe that security adds value to the business. Four out of ten, however, say that that same valuable security limits their ability to move around data.
Currently, organizations don’t have enough control over sensitive data, according to the study, which surveyed 300 IT professionals. Forty percent of respondents reported that they would not notice if sensitive data was not secured.
Clearly, the average organization needs to work to better balance the need to secure data and the need for sharing that same data readily. More than half of respondents reported they had access to financial, customer, or human resources information that wasn’t necessary for them to do their jobs.
Dave Anderson, senior director, marketing, at Voltage Security, offered IFSEC Global some advice on how to create a strategy that provides both availability for company employees and security for corporate data. He offered three keys to success:
- Protect the data, not the container. Rather than focusing on securing the database, device, server, or data storage media, organizations need to create a data security strategy that focuses on the data itself. “It is important to remember that you are securing and protecting the data wherever it moves across the environment,” Anderson told us. “You need to ensure data is protected 100 percent from the moment it is created to the moment it is consumed and deleted.”
- Go single-vendor, rather than best-of-breed. Too often, organizations cobble together a data security solution that includes encryption, tokenization, and data making, each from a different vendor. “Piecing together point solution frameworks doesn’t work, and is difficult and costly to do. In the end, they still have gaps and exposures you can’t close.”
- Implement strategic and comprehensive data protection. Consider all data types, including both structured and unstructured data, spread across the entire infrastructure. Don’t neglect legacy and mainframe systems or fail to consider data stored in the cloud or on mobile devices. “You have to have the ability to integrate data, regardless of source and how it is being used,” said Anderson.
Of course, every organization is different and so has to work to understand its own business. A combination of a strong data security policy, consistent employee training, and tools and technologies that secure the critical data in the organization are the first steps to closing the gap between security and data availability.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
