Some interesting stats on mobile computing disk (in)security

by Administrator on July 5, 2007

I have been tracking Seagate’s evolving DriveTrust on-disk encryption technology (see these docs for more info: Overview of Seagate DriveTrust Technology and DriveTrust and Compliance), which is part of the focus of the next installment of my storage security series of columns for ESJ.com.  As part of the “education” process, Seagate provided a survey report from Credant Technologies.  This is from that report, entitled Mobile Data Breach Report 2006.

CREDANT’s 2006 survey of corporate data breaches assessed the impact one step further, to the consumer and employee level which gets to the heart of the issue – everyone is a victim, companies, employees and consumers. CREDANT polled 426 respondents, primarily from IT, representing CEOs, CIOs, Vice Presidents, Directors and staff of high-tech, finance, healthcare, government, and manufacturing. The objective of the survey was to find out if organizations are prepared for future breaches with a series of questions that are detailed in the pages of this report. What it found was startling. Following are the Top 5 Key Findings:

  • 72% of respondents believe encryption is required to comply with data privacy regulations, but less than 20% of companies sampled encrypt the data stored on laptops and other mobile devices.
  • 88% of respondents reported that they know sensitive data is stored on mobile devices and almost 62% stated that up to 25,000 accounts/records would be exposed if there was a breach.
  • There also continues to be a lack of understanding about what to do AFTER a breach occurs. 63% of the respondents cited that internal auditors need to be notified, versus only 37% citing the need to quickly notify the other potential victims – their customer, the consumer – of a data breach.
  • 36% of respondents feel that the accountability for any data breach falls to the person who lost the laptop or mobile device, while 33% believe that IT management who is responsible for securing the data should be held accountable. Yet only 19% cited that executive management who control budget and resources should be held responsible.
  • Organizations know that they are extremely vulnerable to data breaches but are not aligned on how or when to take aggressive steps; as a result data loss will continue.

In summary, the findings from the survey highlight that as organizations begin retooling their security strategy, fierce competition exists for security and compliance dollars to address a complex problem. There is a pressing need for the industry to identify and communicate effective business processes and best practices for protecting mobile data. This survey reveals some fundamental misalignments that, until they are addressed, may very well prevent organizations from implementing controls that truly mitigate the security gaps created by inadequate security for mobile computers and devices.

While the survey sample is smallish, I think that these insights are worth a listen. Particularly interesting to me are the portions I have highlighted in the conclusion paragraph.  Fundamental misalignments, competition for resources and lack of best practices are holding back strategic security planning.  I would simplify that to mean that no one knows what data they have, how important it is, or what the assets require from the standpoint of appropriate protection measures.

That requires effective data management.
