While data breaches destroy customer confidence, impact revenues, attract large regulatory fines and cost C-levels their jobs, 76% of data security professionals believe in the maturity of their data security strategy, according to a new study. Despite heavy investments in a variety of data security tools as part of their strategy, 93% report persistent technical challenges in protecting data.
“The Data Security Money Pit: Expense In Depth Hinders Maturity,” a January 2017 study conducted by Forrester Consulting on behalf of Varonis Systems, Inc. (NASDAQ: VRNS), a leading provider of software solutions that protect data from insider threats and cyberattacks, finds organisations “focused on threats rather than their data and do not have a good handle on understanding and controlling sensitive data.” The fragmented approach to data security exacerbates vulnerabilities and challenges, and 96% of these respondents believe a unified approach would benefit them, including preventing and more quickly responding to attempted attacks, limiting exposure and reducing complexity and cost. The study goes on to highlight specific areas where enterprise data security falls short:
- 62% of respondents have no idea where their most sensitive unstructured data resides
- 66% don’t classify this data properly
- 59% don’t enforce a least privilege model for access to this data
- 63% don’t audit use of this data and alert on abuses
David Gibson, Vice President of Strategy and Market Development with Varonis, states, “Many point products are designed to mitigate specific threats. If they’re used tactically, instead of supporting a strategy that improves the overall security of data, they can not only cost a lot of money, but also provide a false sense of security. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might – insufficient detective capabilities and over-subscribed access. Too many organisations look for tools that specifically address ransomware, but neglect to buttress core defenses that would mitigate more than just this specific threat.”
In order to provide data visibility and controls organisations desire, the study states, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.” Almost 90% of respondents desire a unified data security platform. Within such a solution, 68% see the value of data classification, analytics and reporting to help reduce risk. Additional criteria also include meeting regulatory compliance (76%), aggregating key management capabilities (70%) and improving response to anomalous activity (66%). In summarizing the findings, Forrester writes, “A platform can help to address concerns and challenges that have sprouted from trying to make use of many disparate tools, freeing up resources to allow for greater focus on ensuring that firms have the correct policies, procedures and remediation actions in place to meet business and data security strategy objectives.”
Wade Sendall, Vice President of IT, The Boston Globe, concurs, “Security products focus on one little piece of data security, which costs a lot of money and requires a lot of time. We’d like to think we don’t have any insider threats, but like anybody else, you really don’t know until you have a unified data security platform like Varonis to say ‘this is what’s going on.’”
Gary Hayslip, Chief Information Security Office to the City of San Diego, states, “One of the greatest challenges a CISO faces involves data. It is incumbent upon our team to understand not only how our stakeholders work, conduct business and use data, but also what applications the stakeholders require; what data is important to them; and which data if compromised would critically impact the ability of the organization to conduct business. Varonis gives my teams and I insight into the flow of data throughout my 24 enterprise networks.”
The study surveyed 150 data security professionals in the U.S. and Canada. It is available for download at www.varonis.com/forrester-2017.
