Inside TDV - The Data Vault Blog
Who’s Looking At Your Information?
Access control is poised to be a hot button issue in 2015, as more and more companies come to the realization that even the best security system can be compromised if there are too many holes. Large data breaches at Home Depot and Target were both caused by 3rd party vendors that had the ability to log into the corporate information networks, leading to concerns about the number of non-employees able to access the sensitive areas of organizations.
One recent study by the Ponemon Institute brought this issue into focus. Employees and outsiders with excessive data privileges represent a growing threat to the organizations surveyed in the report; 76% of respondents believe there are times when it is “acceptable to transfer work documents to their personal devices” and 48% of IT departments authorize the use of public cloud services (iCloud, Dropbox) within the highly secure enterprise setting. Both of these practices are cause for alarm in the face of the incidents occurring around the world on almost a daily basis, but what can an company do to combat these threats?
What we’ve found over time in the business community is a lack of definition and consistency. Many organizations have patchwork stated policies that vary from department to department, with discrepancies between different groups on what is acceptable handling of sensitive information. As Varonis CEO Yaki Faitelson noted: “These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners,” he said. “There has been so much focus and investment on protecting the perimeter, but the most fundamental building blocks of security that protect the data inside – access controls and auditing – are often left behind.” The easiest way to help mitigate this issue is simple: make a clear, universal policy that is enforceable across an entire organization when it comes to the handling of electronic information.
Here at The Data Vault we’ve been helping businesses find ways to manage the changing world of information management for over 30 years. Through our consulting services, we can have our experts help you find a system that works and put it in place; ensuring that you will be compliant with all security needs going forward. Please feel free to reach out to us at any time and someone will be in touch with you shortly after!