A new Enterprise Strategy Group (ESG) research study, which was completed by 200 senior IT and security professionals with influence over purchasing decisions, highlights the need for organizations to have the necessary technologies in place to ensure policies travel with sensitive data wherever and however it is shared.
Type of sensitive files regularly shared with external parties
Loss of sensitive information is a top concern
While 98 percent of respondents cited the loss of sensitive data as a top or significant concern, many believe it is very or somewhat likely that sensitive data had been lost or accessed inappropriately in the last 12 months. Commonly stated reasons for data loss include, emails inadvertently sent to the wrong person (67 percent), unauthorized access (64 percent) and lost portable storage devices (61 percent).
Loss of information due to human error continues to be a concern
56 percent of respondents said it’s very or somewhat likely that files had been stolen by partners, contractors or customers (with 28 percent saying it’s very likely), as well as 58 percent saying the same about files being stolen by employees and malicious software (60 percent).
IT faces a new set of challenges and requirements when protecting sensitive data assets
The need to external collaboration makes file sharing a common occurrence, which can also pose as a security threat if information is accessed by an unauthorized party. In fact, 34 percent of respondents noted that 26 to 50 percent of their employees regularly share files with individuals external to their organizations. Other challenges include hybrid IT, the rise of the mobile workforce and shadow IT applications.
EFSS is quickly gaining parity as one in a variety of solutions used for sending, sharing and collaborating
Organizations are quickly adopting Enterprise File Sync and Share (EFSS) services as a means to share information, with 75 percent of respondents noting EFSS is used frequently to share files with others and 54 percent noting that their end-users use two to three authorized and unauthorized file sharing services. While EFSS is a highly popular method for sending documents, traditional methods of sharing files are still frequently utilized.
Portable storage devices (60 percent), FTP (58 percent), and email (79 percent) are also reported to be used for collaboration by respondents’ organizations. The ability to persistently secure any file type across all sharing methods, devices, and storage locations is paramount.
External collaboration is likely is driving investment in EDRM
47 percent of respondents indicated they have already deployed an EDRM solution and 37 percent said they are committed to doing so in the next 12 to 24 months. The trend towards increased adoption of EFSS, and the external collaboration that it enables, is likely the primary reason.
First-generation EDRM systems are not an effective approach to persistently securing information
69 percent of those who already employed EDRM reported current plans for refreshing or augmenting their existing solutions and an additional 27 percent stating their intention to do so in the next 12 months. Three of the top four most-cited perceived challenges of EDRM solutions stated by all respondents was their inability to integrate with existing systems, difficult policy management for IT and difficult utilization for end-users due to agent requirements.
A next-generation EDRM solution, based on the results of the ESG research, can best be characterized as having increased breadth and depth in usage controls and types of files that can be protected, the ability to integrate with other applications to automate protection, and browser-based access for ease of use.
“ESG’s research uncovered a classic example of how new technologies that have incredible business value can also bring security vulnerabilities that either restrict the use of such technologies, or leave the business vulnerable,” said Doug Cahill, Senior Analyst, ESG. “In order to fully embrace technologies that encourage collaboration and cost savings, businesses need solutions that provide the capability to automatically and comprehensively secure the five W’s of data control: who can access which file, what can they do with the file, from which location/device, and when.”