93 percent of organizations have technical challenges protecting data
Data breaches can be extremely damaging for enterprises, leading to loss of consumer confidence, loss of revenue and even regulatory fines.
But despite the importance of data security a new study by Forrester Consulting on behalf of data protection specialist Varonis Systems, finds that organizations are often focused on threats rather than their data and don't have a good handle on understanding and controlling sensitive information.
Although making heavy investment in a variety of data security tools as part of their strategy, 93 percent of respondents report persistent technical challenges in protecting their data. In addition 96 percent believe a unified approach would benefit them, allowing them to prevent and quickly respond to attempted attacks, limiting exposure and reducing complexity and cost.
"Many point products are designed to mitigate specific threats. If they're used tactically, instead of supporting a strategy that improves the overall security of data, they can not only cost a lot of money, but also provide a false sense of security," says David Gibson, vice president of strategy and market development at Varonis. "Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might -- insufficient detective capabilities and over-subscribed access. Too many organizations look for tools that specifically address ransomware, but neglect to buttress core defenses that would mitigate more than just this specific threat."
The study goes on to highlight some specific areas where enterprise data security often falls short. It finds that 62 percent of respondents have no idea where their most sensitive unstructured data resides and 66 percent don't classify this data properly. Also 59 percent don't enforce a least privilege model for access to this data and 63 percent don’t audit the use of data and generate alerts on abuses.
When asked what they needed to provide better visibility and control, almost 90 percent of respondents wanted a unified data security platform. Within such a solution, 68 percent see the value of data classification, analytics and reporting to help reduce risk. Additional criteria include meeting regulatory compliance (76 percent), aggregating key management capabilities (70 percent) and improving response to anomalous activity (66 percent).
Summarizing the findings, Forrester concludes, "A platform can help to address concerns and challenges that have sprouted from trying to make use of many disparate tools, freeing up resources to allow for greater focus on ensuring that firms have the correct policies, procedures and remediation actions in place to meet business and data security strategy objectives."
The full report is available to download from the Varonis website.