Data Fragmentation Foments Big Security Gaps
About three-quarters (76%) of data security professionals believe in the maturity of their data security strategy, according to a new study. Yet, 93% report persistent technical challenges in protecting data.
The study, from Varonis Systems, noted that a fragmented approach to data security exacerbates vulnerabilities and challenges. Organizations are “focused on threats rather than their data, and do not have a good handle on understanding and controlling sensitive data.”
For instance, 62% of respondents have no idea where their most sensitive unstructured data resides; and 66% don’t classify this data properly. More than half, 59%, don’t enforce a least-privilege model for access to this data; and 63% don’t audit use of this data and alert on abuses.
“Many point products are designed to mitigate specific threats,” said David Gibson, vice president of strategy and market development with Varonis. “If they’re used tactically, instead of supporting a strategy that improves the overall security of data, they can not only cost a lot of money, but also provide a false sense of security. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might—insufficient detective capabilities and over-subscribed access. Too many organizations look for tools that specifically address ransomware, but neglect to buttress core defenses that would mitigate more than just this specific threat.”
About 96% of these respondents believe a unified approach would benefit them, including preventing and more quickly responding to attempted attacks, limiting exposure and reducing complexity and cost. Within such a solution, 68% see the value of data classification, analytics and reporting to help reduce risk. Additional criteria also include meeting regulatory compliance (76%), aggregating key management capabilities (70%) and improving response to anomalous activity (66%).
In order to provide data visibility and controls organizations desire, the study noted, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.”
Gary Hayslip, CISO for the City of San Diego, said in the report: “One of the greatest challenges a CISO faces involves data. It is incumbent upon our team to understand not only how our stakeholders work, conduct business and use data, but also what applications the stakeholders require; what data is important to them; and which data if compromised would critically impact the ability of the organization to conduct business.”
Source: Information Security Magazine