When it comes to security, corporate data governance programs are difficult to establish and enforce.
In the end, these programs lack the necessities to fight off threats, data breaches, regulatory fines and lawsuits.
The two weakest links in a company’s data governance program are uncontrolled user access to data (53 percent) and managing where data ends up stored (43 percent), according to a new research study released by Blancco Technology Group.
Data protection and regulatory compliance are further complicated by the fact organizations are often too lenient in allowing employees to transfer data inside and outside their organizations. One case in point is 69 percent of the surveyed IT professionals admitted they allow employees to transfer data onto their personal mobile devices with only minor limitations and 33 percent allow employees to move data to cloud providers, such as Dropbox, without any restrictions at all.
On top of this, 47 percent of organizations either have limited visibility or no visibility at all into how employees move data offsite.
Other key findings of the report include:
• Organizations are more concerned with protecting corporate reputations than passing audits and avoiding regulatory penalties. 48 percent of organizations said their biggest concern with data protection regulations is protecting their reputations, while 38 percent are worried about passing audits and 40 percent are concerned with avoiding penalties.
• Unstructured and dark data are growing liabilities for organizations. 41 percent of organizations have a central repository for managing unstructured data. Meanwhile, 34 percent either don’t have any tools in place to manage unstructured data or are in the process of investigating the necessary tools.
• Data classification is an important step in laying the foundation for data protection and regulatory compliance. 58 percent classify data according to legal requirements, while 56 percent classify data based on how sensitive it is to unauthorized disclosure/modification and 43 percent classify it according to its perceived value to their organization. However, 5 percent don’t know how data is classified inside their organization, while 13 percent either don’t classify data or don’t know if they do.
The study highlights a common reality in most enterprises is what you don’t know can hurt you. One such unknown is the amount of time data should end up retained.
Along those lines, 22 percent of respondents said they keep data forever, while 18 percent said they keep data for a set amount of time regardless of data type.
“The reality is that many organizations adhere to a ‘storage is cheap, keep everything’ mentality,” said Richard Stiennon, chief strategy officer, Blancco Technology Group. “Data hoarding as a practice can be dangerous, as we saw during the Yahoo hack last year when hacker ‘Peace’ leaked four-year-old data from 200 million Yahoo accounts onto the dark web. Organizations need to learn that, as data ages, its usefulness declines. In actual fact, all retained data is a liability for discovery, breach, theft or loss. When its value is less than the liability, when customers demand it (i.e. closing out accounts) and when regulations require it, organizations need to permanently erase the data so it can never be recovered and result in another situation like the Yahoo breach.”
Click here to register for the report.