Survey Shows Many Companies Lack Understanding of Their Most Important Data Assets
Need to Look at Discovery DLP
Citing the results of their third quarter survey of more than 700 executives and IT professionals, business consulting and internal audit firm Protiviti noted that despite the increased public awareness of cybersecurity, a third of the firms still lack adequate polices for information security, data encryption and data classification. The survey assessed security and privacy policies, data governance, data retention and storage, data destruction policies and third-party suppliers and access, among other topics.
The findings summarized in ComputerWeekly.com on October 1, noted the survey shows that many companies lack an understanding of what are their most important data assets.
According to the survey report, organizations that have all of their “core” information security policies in place – including acceptable use, data encryption and more – demonstrate higher levels of confidence and stronger capabilities throughout their IT security activities”. Moreover, setting the right tone from the top is as important as any policy and should include strong board engagement in information security and management establishing best practice policies.
These results align with past findings. Previous studies by Ponemon Institute, for example,report that sensitive or confidential data is often invisible to IT security.
The first stage of any Data Loss Prevention (DLP) program is to have stakeholders decide what needs to be protected–and then locate where that sensitive or confidential information resides. In today’s connected environment sensitive data can be found in an email, a file share, the cloud, or an innocent posting to the web – wherever information is stored or in motion it can be found.
CGN Discovery DLP is a key tool to locate, identify and secure sensitive data throughout the network. CGN Discovery DLP, Using patent pending “Database Record Matching™ (DBRM™), locates and identifies sensitive data at rest on endpoints and servers across the network and in the cloud providing visibility and audit reporting of potentially unsecured information. Once discovered the enforcement of policies to Alert, Move, or Remove the data can be made.