Losing important data is a vital concern for companies, but instead of focusing on protecting that important resource they continue to lock in on threats, a new study said.
Despite heavy investments in a variety of data security tools as part of their strategy, 93 percent of survey respondents report persistent technical challenges in protecting data.
Organizations “focused on threats rather than their data and do not have a good handle on understanding and controlling sensitive data,” according to “The Data Security Money Pit: Expense In Depth Hinders Maturity,” a January 2017 study conducted by Forrester Consulting on behalf of Varonis Systems, Inc., a provider of software solutions that protect data from insider threats and cyberattacks. Researchers surveyed 150 data security professionals in the U.S. and Canada.
The fragmented approach to data security exacerbates vulnerabilities and challenges, and 96 percent of these respondents believe a unified approach would benefit them, including preventing and more quickly responding to attempted attacks, limiting exposure and reducing complexity and cost.
The study also highlighted specific areas where enterprise data security falls short:
• 62 percent of respondents have no idea where their most sensitive unstructured data resides
• 66 percent don’t classify this data properly
• 59 percent don’t enforce a least privilege model for access to this data
• 63 percent don’t audit use of this data and alert on abuses
“Many point products are designed to mitigate specific threats,” said David Gibson, vice president of strategy and market development with Varonis. “If they’re used tactically, instead of supporting a strategy that improves the overall security of data, they can not only cost a lot of money, but also provide a false sense of security. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might – insufficient detective capabilities and over-subscribed access. Too many organizations look for tools that specifically address ransomware, but neglect to buttress core defenses that would mitigate more than just this specific threat.”
In order to provide data visibility and controls organizations desire, the study said, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.” Almost 90 percent of respondents desire a unified data security platform. Within such a solution, 68 percent see the value of data classification, analytics and reporting to help reduce risk. Additional criteria also include meeting regulatory compliance (76 percent), aggregating key management capabilities (70 percent) and improving response to anomalous activity (66 percent).
“A platform can help to address concerns and challenges that have sprouted from trying to make use of many disparate tools, freeing up resources to allow for greater focus on ensuring that firms have the correct policies, procedures and remediation actions in place to meet business and data security strategy objectives,” Forrester researchers said in the study.
Click here to download the study.