It will not come as a surprise to many that UK enterprises could do more to improve their confidence in data security. Security managers know this, but often struggle to get the funds they need. The first of three 2015 Quocirca research reports quantifies the business benefits of a range of measures in building confidence in data security that help make the case for investment.
Only 29% of the organisations say they are very confident about data security. This rises to 52% in financial services but drops to just 16% in retail, distribution and transport. However, it is not just the industry sector that a given organisation is in that affects confidence levels. The levels of user knowledge about data security, the types of technologies deployed and the ability to co-ordinate policy all vary significantly and each can make a big difference.
To start with, those organisations who had educated their employees to be very knowledgeable about data protection measures were 3 to 4 times as likely to be very confident about data security as those who had not. When it comes to security technology widely deployed capabilities such as email and web content filtering make little difference; these have become hygiene factors that most now have in place. Countering advanced threats to data requires more state-of-the-art technology.
For example, those organisations that have deployed data loss prevention (DLP) are also 3 to 4 times as likely to be very confident about data security compared to those that have not. Specific measures for securing data sharing in the cloud, such as the use of secure proxies, secure links and the ability to profile users and devices, have similar impact. Certain end-point security measures more than double the level saying they are very confident.
Threats can come from within and without the organisation. Being able to understand who is doing what with data and co-ordinating the response accordingly makes a big different too. A highly co-ordinated capability to respond to insider threats more than doubles the numbers saying they are very confident; a co-ordinated response to criminal hackers triples the figure.
Put it all together and the results are startling. None of those doing poorly at all of the above are very confident about data security; 30% of them say they are not confident at all. At the other end of the spectrum, all of those that do a good job of educating users and co-ordinating responses alongside deploying certain advanced technologies are very confident (63%) or somewhat confident (37%) about data security.
Interestingly, those organisations lying at these two extremes do share one characteristic. They have a similar average number of security suppliers and repositories for defining security policy. However, with the laggards it is just they have not deployed much in the first place, with the leaders it is because they rationalised and streamlined their approach to data security. They get a number of benefits from doing this, for example stronger information supply chains and insight into what their users are up to in the cloud, these will be the subject of two further blog posts.
No businesses can duck these issues, so the laggards should take a leaf out the leader’s book and get real about data security. Quocirca’s report, Room for improvement, was ponsored by Digital Guardian (a supplier of data protection products) and is free to download at the following link: http://quocirca.com/content/room-improvement-building-confidence-data-security