Research: businesses pay more attention to threats, not data protection
According to a new study, enterprises that invest in specialized products pay more attention to threats, not their own data.
A study published on Tuesday showed that businesses pay more attention to threats, not to protecting their data.
A study by Varonis Systems of the Data Security Money Pit: Expense In Depth Hinders Maturity (Ineffective investment in data protection: the cost of working out details does not lead to increased security), conducted by Forrester Research’s research center, demonstrates that enterprises investing in specialized products pay more attention to threats than to their own data.
The study poses the question: what is the value of data protection? Most companies value this concept in terms of risk, cost, and regulatory compliance. “However, when a competitive advantage lies in the way a company uses digital technologies to create new customer value, increase adaptability to meet customer needs, and also to form digital ecosystems that form completely new revenue streams, data protection and confidentiality become something much more than just cost optimization. In fact, they are a factor in revenue growth and the company as a whole, ”the study explains.
')
Key Varonis Research Indicators
• 62% of respondents have no idea where the confidential unstructured company data is stored.
• 66% can not give the correct definition of such data.
• 59% do not insist on using the model of access to such data on the principle of granting minimal rights.
• 63% do not check how such data is used, and do not have a warning system in case of their incorrect use.
According to the Varonis report, the problem is that companies currently depend on a specific set of security tools to protect their networks, reduce costs, and streamline production processes. However, as stated in the report, data protection is still a set of disparate processes.
In September 2016, on behalf of Varonis, the Forrester Research Center checked the situation and assessed the need to create a platform for data protection. The Forrester Center interviewed 150 representatives of US and Canadian companies responsible for making decisions in the field of data protection in various sectors of the economy. It was found that "in the case of a transition from using products to using a platform, the concept of data protection for companies will change."
The study contains three main findings.
Investing in data protection products does not increase security. Most companies use different technology solutions to ensure data protection. However, investing in solutions with a high level of security does not increase the level of data protection, nor does it ensure the implementation of a unified security strategy.
The lack of an increased level of data protection manifests itself when problems arise. Despite all the assurances of a high level of protection, the vast majority of companies face technical and organizational problems in data protection, pay more attention to threats than to their data, and do not understand the concept of data confidentiality and do not know how to ensure that they are properly managed. level
There is a need for a single platform for data protection. A single platform for data protection will optimize the data protection strategy, ensuring their availability and management at the proper level. At the same time, companies will be able to control costs and solve problems related to integration.
As a conclusion, the study stated the following: “A single platform for data protection provides the main opportunities for companies. At the same time they get a reliable technological basis for their own data protection strategy. In addition, conditions are created to improve the security of the company and improve the efficiency of its activities in general. The key principle is integration with existing infrastructure. It's time to put an end to the costs of working out the details and the torment with the hastily created opportunities in dissimilar products. "
As David Gibson, vice president of strategic development and market expansion for Varonis, published by SC Media, said on Tuesday: “As a result of sensational hacks, we faced a large number of urgent response costs that did not lead to the desired results and did not help improve the overall security level. You can invest in a myriad of specialized solutions that reduce risks from certain threats or perform specific tasks, but often they do not help protect the data itself. ”
Data needs to be viewed more consistently, in the form of a specific asset. And, according to D. Gibson, his company has a more attentive approach to their protection, in which the following questions become important: what type of data are collected, created and stored, where are they located, who has access to them, how are they used, and Also, how can an administrator find out that someone is destroying and stealing data or violating its integrity?
Gibson argues that “companies that are well thought out about their actions, pay due attention to the data and are more attentive to their protection (similar to protecting their financial assets): they place data in a safe place, provide access only as needed, and also track all data operations for the purpose of fraud detection or misuse. ”
As Forrester center analyst Heidi Shey told SC Media on Tuesday, it's very easy to get hooked, focusing only on threats and attacks. This is how companies get into the front pages after their data has been hacked. “To protect your data, you need to understand exactly what you are protecting and why. In addition, to formulate a strategy for protecting such data, you need to know how they are used. ”
According to H. Shay, it is at this moment that a data-oriented approach is being created. In this case, the data is identified based on the level of confidentiality, importance and other contextual information. Thus, users can come to an understanding of what controls they need, and bring these tools closer to the data in order to provide protection at any stage of the life cycle.
A study published on Tuesday showed that businesses pay more attention to threats, not to protecting their data.
A study by Varonis Systems of the Data Security Money Pit: Expense In Depth Hinders Maturity (Ineffective investment in data protection: the cost of working out details does not lead to increased security), conducted by Forrester Research’s research center, demonstrates that enterprises investing in specialized products pay more attention to threats than to their own data.
The study poses the question: what is the value of data protection? Most companies value this concept in terms of risk, cost, and regulatory compliance. “However, when a competitive advantage lies in the way a company uses digital technologies to create new customer value, increase adaptability to meet customer needs, and also to form digital ecosystems that form completely new revenue streams, data protection and confidentiality become something much more than just cost optimization. In fact, they are a factor in revenue growth and the company as a whole, ”the study explains.
')
Key Varonis Research Indicators
• 62% of respondents have no idea where the confidential unstructured company data is stored.
• 66% can not give the correct definition of such data.
• 59% do not insist on using the model of access to such data on the principle of granting minimal rights.
• 63% do not check how such data is used, and do not have a warning system in case of their incorrect use.
According to the Varonis report, the problem is that companies currently depend on a specific set of security tools to protect their networks, reduce costs, and streamline production processes. However, as stated in the report, data protection is still a set of disparate processes.
In September 2016, on behalf of Varonis, the Forrester Research Center checked the situation and assessed the need to create a platform for data protection. The Forrester Center interviewed 150 representatives of US and Canadian companies responsible for making decisions in the field of data protection in various sectors of the economy. It was found that "in the case of a transition from using products to using a platform, the concept of data protection for companies will change."
The study contains three main findings.
Investing in data protection products does not increase security. Most companies use different technology solutions to ensure data protection. However, investing in solutions with a high level of security does not increase the level of data protection, nor does it ensure the implementation of a unified security strategy.
The lack of an increased level of data protection manifests itself when problems arise. Despite all the assurances of a high level of protection, the vast majority of companies face technical and organizational problems in data protection, pay more attention to threats than to their data, and do not understand the concept of data confidentiality and do not know how to ensure that they are properly managed. level
There is a need for a single platform for data protection. A single platform for data protection will optimize the data protection strategy, ensuring their availability and management at the proper level. At the same time, companies will be able to control costs and solve problems related to integration.
As a conclusion, the study stated the following: “A single platform for data protection provides the main opportunities for companies. At the same time they get a reliable technological basis for their own data protection strategy. In addition, conditions are created to improve the security of the company and improve the efficiency of its activities in general. The key principle is integration with existing infrastructure. It's time to put an end to the costs of working out the details and the torment with the hastily created opportunities in dissimilar products. "
As David Gibson, vice president of strategic development and market expansion for Varonis, published by SC Media, said on Tuesday: “As a result of sensational hacks, we faced a large number of urgent response costs that did not lead to the desired results and did not help improve the overall security level. You can invest in a myriad of specialized solutions that reduce risks from certain threats or perform specific tasks, but often they do not help protect the data itself. ”
Data needs to be viewed more consistently, in the form of a specific asset. And, according to D. Gibson, his company has a more attentive approach to their protection, in which the following questions become important: what type of data are collected, created and stored, where are they located, who has access to them, how are they used, and Also, how can an administrator find out that someone is destroying and stealing data or violating its integrity?
Gibson argues that “companies that are well thought out about their actions, pay due attention to the data and are more attentive to their protection (similar to protecting their financial assets): they place data in a safe place, provide access only as needed, and also track all data operations for the purpose of fraud detection or misuse. ”
As Forrester center analyst Heidi Shey told SC Media on Tuesday, it's very easy to get hooked, focusing only on threats and attacks. This is how companies get into the front pages after their data has been hacked. “To protect your data, you need to understand exactly what you are protecting and why. In addition, to formulate a strategy for protecting such data, you need to know how they are used. ”
According to H. Shay, it is at this moment that a data-oriented approach is being created. In this case, the data is identified based on the level of confidentiality, importance and other contextual information. Thus, users can come to an understanding of what controls they need, and bring these tools closer to the data in order to provide protection at any stage of the life cycle.
Source: https://habr.com/ru/post/326892/
All Articles