Off-Network Security Risk No Longer Off the Radar

Last summer, Redemtech commissioned a study with the Ponemon Institute to explore the root causes behind data breaches that are providing so many companies with so much bad press. We initially suspected that the trouble begins when assets are disconnected from the network to move or retire equipment. The study was conducted with 735 security professionals from mid-size to large organizations, in both government and the private sector.

The results? A total of 73 percent of respondents admitted that they have lost data-bearing equipment during the past two years. Eighty-six percent of companies said that they have formal policies for off-network security, but only 30 percent strictly enforce them. Similarly, 30 percent reported that they would never know if an asset containing confidential information disappeared. Only 20 percent of respondents noted that they use reduction in the number of data breaches as a key metric - but that, of course, is the primary objective.

One fundamental problem seems to be that the security folks who create policy don't have much clout with the IT operations people who manage IMAC and retirement activities where the off-network breaches occur. The IT Ops people are measured primarily on financial metrics, not security. So there is no shared pain, and therefore, no common approach toward eliminating recurring breaches.

The root cause of off-network breaches? While there are many tactical issues that must be addressed, the real problem rests with people like me - senior management. We must make security a strategic priority for our companies. We must insist that the non-technical, non-sexy, operational side of security be managed proactively. We must put formal, disciplined, centralized governance in place, including rigorous metrics and audit practices. We must hold everyone accountable for conforming to security policy. And we must provide the funding necessary to be effective.

Redemtech will be providing customers with a new white paper to serve as a roadmap for addressing off-network security. Redemtech's Practice Advisors will be performing assessments for customers to establish baselines and suggest remediation. And we will keep evangelizing for better off-network practices for everyone's benefit.

To illustrate our commitment, Redemtech has also participated in a webcast with acclaimed moderator Stan Gibson of CIO Magazine, who leads a discussion with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute; Miriam Wugmeister, partner of Morrison & Foerster and the head of the firm’s global privacy and data security practice; and myself.

The topic is "Preventing High Profile Data Breaches: A Root Cause Approach," and the focus is to pinpoint common gaps in security and asset management practices that may lead to security breaches. We also review the off-network security policies every organization should have in place to comply with data privacy regulations and reveal how to support those policies with processes that protect data-bearing assets as they move through, and outside, an organization.

More details about the webcast are available at Redemtech’s webcast site, and you may view the webcast on-demand at http://www.redemtech.com/webcast_launch.aspx.

If you would like to read the Ponemon Institute’s research report, National Survey: The Insecurity of Off-Network Security, visit the Redemtech website.
