Stop Making It So Easy

An out-of-site, out-of-mind attitude toward data protection should leave most corporate exectives with that insecure, non-compliant feeling in the pit of their archives. And guess what? It does, but not enough take action—at least not yet.

The threat is still perceived to be at the barriers, while stored data remains relatively unprotected. The reason for this continued problem remains relatively simple. Companies set up policies and systems and then monitor activity at the borders with the mistaken notion that sensitive data going out or dangerous incoming threats have to pass through those defenses.

Leaving stored data unprotected, however, invites even low-tech and no-tech tampering, and the results can be just as harmful as external assaults.Storage services provider GlassHouse Technologies recently surveyed executives on their procedures for protecting stored data at more than 300 companies, spanning 16 industries including government, telecommunications, technology, energy, financial services, aerospace and healthcare. The results, I'm afraid, were not surprising.

According to GlassHouse, 70 percent of the execs rated their data storage security as fair to poor, 85 percent do not encrypt their backup data, and 54 percent said their companies had no documented procedures for protecting stored data.

Part of the problem seems to stem from ill-advised priorities. Half the respondents felt their company's intellectual property was their greatest concern, even though there could be greater legal consequences and long-term reputation loss as a result of mishandling customer or employee information.

And 61 percent of the executives surveyed still believed that external threats were more dangerous than internal threats. The focus on border security is understandable and necessary, but it can't be at the expense of internal data protection. Ask any police detective, and they look for those with access and a motive when trying to solve a theft crime. If nearly everyone inside your organization has access, you've made it way too easy to have a motive.

On a hopeful note, 80 percent the executives in the survey correctly identified either regulatory compliance or loss of public trust as the worst consequences of data theft.

To see a complete report on the survey you can visit the GlassHouse website.