The Informatica and Ponemon Institute’s second annual survey on data centric security, “The State of Data Security Intelligence,” has been released. Given the growing number of high-profile breaches, the report’s findings won’t shock anyone. Instead, they will confirm what we all know.
That said, the number of organizations who admitted that they have little to no data security protections in place is disturbing.
The key points made in the report include the following:
- Organizations report a loss of confidence in their ability to govern their data, and less understanding on how to secure it and use it to generate actionable business intelligence.
- Organizations say it is a growing struggle to find ways to reduce data breach risk and improve their computing ecosystem’s resiliency against sustained, targeted attacks.
- Tracking data use and movement to comply with privacy and security laws is becoming increasingly unmanageable for many organizations.
- Executives are increasingly determined to adopt data-centric security strategies. Many agree that preventing network penetration is impossible, but protecting the data stored within the network ecosystem is an achievable goal.
- The majority of IT practitioners (62%) stated that their key worry is identifying the location of their most sensitive data.
- 77% indicated that automation of key processes, particularly assigning risk levels to data, would help them secure data more effectively.
- Organizations are more concerned about being able to secure data in the cloud than they are about their ability to secure data on-premises.
- Alarmingly, only 56% of reporting organizations said that they utilize data encryption. Only 35% use data masking technologies.
BAI Security offers services that assist companies in understanding their data security risk profile, and remediate it in order to come into compliance with applicable regulatory requirement.
CIO Review recently noted that BAI’s IT Security Assessment service “has often proven itself to be dramatically more comprehensive than traditional methods used by competitors.” Our Security Assessment consists of a comprehensive evaluation of key technologies, systems, and personnel within an organization to identify vulnerabilities that can lead to a compromise of data assets and/or intellectual property. This approach has a more fundamental focus on identifying real-world security weaknesses, rather than just conforming to minimum compliance requirements.
BAI Security’s compliance Controls Audits and Risk Assessments evaluate an organization’s existing policies and procedures against applicable compliance and legal standards. Additionally, the audit identifies reasonably foreseeable risks that could lead to service interruption or unauthorized disclosure, misuse, alteration, or destruction of confidential information.
Our Compromise Assessment service is, at its core, a forensic audit of all the endpoint devices (servers and workstations) in an organization to determine if a breach has already occurred. This service can identify various types of undetected malware, including those that have contributed to many of the data breaches in recent headlines. We also offer Compromise Assessment as a managed service, providing continual monitoring of the environment to identify suspicious activities that could lead to a breach.
Additionally, our Security Awareness Training helps boost an organization’s information security posture by increasing employees understanding of security threats and the damage they can cause. Our training utilizes a unique approach to adult learning, setting a new standard in efficacy and knowledge retention.
