The growth of cloud and mobile computing, the ease at which files can be shared and the diversity of collaboration methods, applications and devices have all contributed to the frequency of file data leakage incidents.
More so, the expansion of industry and government compliance mandates toward data security, and specifically safeguarding PII, has spurred companies to take action and investigate how to extend policies, processes and controls to further protect sensitive information within and outside an organization.
The key findings of a new FinalCode report revealed that all responding organizations expressed significant concern for risk of data leakage due to inappropriate sharing or unauthorized access to files containing sensitive, confidential or regulated information. Correspondingly, more than 80 percent of survey participants were aware of data leakage incidents in their organizations.
While the majority of IT organizations have enhanced technical controls and auditing, only 16 percent of the respondents felt highly confident in their file security investments – indicating an underlying insecurity in monitoring and enforcement capability. Fortunately, the vast majority of respondents, across IT, security and line of business roles, indicated that their organization plans to invest in stronger security controls.
The survey and analysis of more than 150 respondents from mid-tier and large enterprises was completed by EMA in September 2015. It illustrates the nature of perceived file security threats and defenses within North American organizations. Survey highlights are:
- All organizations, across IT, security and line of business roles, are concerned about file data leakage risks, and 75 percent expressed very high to high concern
- 84 percent of participants had moderate to no confidence in their security controls and auditing capacity to secure confidential files
- More than 80 percent of survey participants experienced file data leakage incidents in their organization, and half expressed frequent incidents
- Inappropriate file sharing with others inside the organization, with those outside the organization, and through malware and hackers were cited as the most likely causes of data leakage
- More than 90 percent of respondents stated the lack of protection of files leaving cloud-based platforms or device containers as the highest risk to adopting cloud-based file storage and collaboration services
- While policy development and legal enforcement are foundational file security defenses, organizations plan to increase user awareness training and purchase additional security technology
- Email Gateway/Proxy and Data Loss Prevention (DLP) technologies were the top mature controls, while file encryption and usage control software was cited as the top upcoming control investment
- 70 percent of respondents believed that end users would invoke stronger security controls on files they share if empowered to do so.
“Data dissemination and file collaboration are natural parts of most business and operational workflows, so must security be an integral part of the workflow to protect information. Unfortunately, protecting sensitive and regulated data within shared files remains a significant exposure within many organizations,” said David Monahan, research director of risk and security management at EMA. “Our survey findings clearly show a gap between file security policies and practices and the efficacy of technical controls in place to monitor and enforce compliance to the existing policies. This lack of capability to control unstructured data as it moves through its lifecycle will not only yield more data privacy breaches but will impact the adoption of advanced enterprise and cloud content management systems.”