Poor Security Thwarts Three-Quarters of Big Data Projects
Information and analytics make up the new face of innovation for corporates—who hasn’t heard the term “Big Data,” after all. But IT security challenges are getting in the way of executing the vision of dynamic, usable, instantly accessible data frameworks, with three-quarters (73%) of organizations reporting that their business initiatives have been thwarted by data security gaps.
According to a survey from Dataguise, “Strategies for Securing Sensitive Data,” companies are inexorably transitioning toward big data frameworks, including cloud-based environments such as Microsoft Azure HDInsight. In fact, 28% of respondents report more than a year of experience with these big data repositories, and another 38% say they’re in various stages of adoption.
Yet, they’re finding that data security challenges often have a negative impact on their efforts; that 73% said that data security concerns have been so worrisome that in many cases they’ve terminated their projects until further notice.
Even with multiple layers of security in place, less than half of all respondents did not believe that their data was secure, with only 47% of respondents confident that their sensitive data throughout their organization was safe.
Pulling back the kimono a bit, the survey revealed that the companies use multiple security solutions to protect sensitive data, with 82% using network monitoring, 80% leveraging data encryption, 79% implementing access controls, 69% installing perimeter controls, 63% using volume and file encryption and 43% implementing data masking.
But, it’s not sufficient.
“As we have experienced, many companies are throwing everything they have at IT security challenges. The problem is that even multiple point solutions still leave gaps that put these organizations at risk,” said JT Sison, vice president of marketing and business development for Dataguise. “Addressing this at the data layer plugs the remaining gaps, regardless of its migration across systems and networks. Additionally, platform agnostic monitoring of this sensitive data provides precise intelligence to administrators, providing a much higher level of protection for greater levels of confidence.”
Furthermore, the survey showed that sensitive data within organizations can typically be widely accessed by a large number of individuals. In addition to 80% of respondents indicating that their IT teams had access to sensitive data, 40% said test-and-development teams also had access, and 29% indicated that end users throughout the enterprise maintained the ability to view the information.
Identifying where the buck stops when unauthorized access to sensitive data occurs, the survey also asked who would be held accountable if the organization encountered a breach. The majority (88%) of respondents said that their IT security team (including the CISO/CIO) would face scrutiny.
Only half (47%) said their CEO or board of directors would be placed with the responsibility. About 38% of organizations would point to the chief data officer (CDO) for the breach. And a full quarter (24%) would fault the user or users who created the data.
The takeaway here is that IT security teams are at the greatest risk, and must strengthen their data infrastructure to ensure the danger of unauthorized access remains low. Yet, the survey showed that 62% of firms passed security audits, 11% failed and 20% were unclear if they passed their audit or not—clearly, there’s work yet to do.
Photo © Adriano Castelli/Shutterstock.com
Source: Information Security Magazine