Data protection is fundamental to the smooth and successful running of enterprise businesses today. It is also integral to mitigating reputational risk. 89% of CIOs/CISOs and 80% of ITDMs say that their ability to protect corporate and customer data is vital or very important to their company’s brand and reputation—a sentiment that 74% of knowledge workers agree with. But, even when considering the growing threat landscape, more than a quarter (28%) of ITDMs suggest that they do not do enough, or are not sure that they do enough, to protect corporate data. This will be of great concern to knowledge workers, of whom at least a third (36%) believe the business they work for may be at risk of a data breach (that could go public) in the next year.
“What's clear from the 2016 Datastrophe Study is that more needs to be done to protect the enterprise. CISOs need to stop being the custodians of security and start taking the position of service providers and consultants to the business. While decisions around IT projects should be driven by the business, lines of business managers should be working closely with their CISOs to ensure projects measure up to the rigours of modern enterprise security. It's no longer enough for the general IT team to give advice—often based on what they 'can' or want to provide—on information and data security,” comments Phil Cracknell, founding member at ClubCISO, who reviewed the study’s findings.
Uncertainty around data protection strategies is no longer an option, especially when you consider the rapidly changing data protection policy landscape and pre-existing trust issues. 69% of ITDMs suggest that the upcoming General Data Protection Regulation (GDPR) will affect the way they purchase and/or provision data protection and security tools/solutions. In fact, 76% suggest they will be putting additional security measures in place. Yet, 18% are waiting for everything to be finalised before making changes. This will not be welcome news to at least a quarter of knowledge workers (25%), who say they currently do not trust their IT teams or companies with their personal data.
“It is Quocirca’s belief that organisations have to put in place adequate measures to ensure a higher degree of data protection and security. Endpoint data management is a necessity along with data loss prevention (DLP) software and data encryption. Data should be centralised wherever possible and tracked and controlled through digital rights management (DRM) solutions whenever it leaves the control of that central point. Mobile devices should be virtualised and sandboxed to prevent movement of data from the corporate space to the public one. Attempting to rely on the knowledge and goodwill of a changing workforce is not enough—the right tools have to be put in place,” adds Clive Longbottom, founder and analyst at Quocirca.
Now is definitely the time for change, and it is starting to happen. 69% of ITDMs say they should be doing their best to provision data security that matches end-user expectations and working patterns. And a further 54% of knowledge workers and 38% of ITDMs believe there should be more investment into endpoint data protection in their organisations.
“Today, in large part due to the onset of flexible working and increased mobility of knowledge workers, the majority of the data we carry is at the endpoint. This newfound mobility of data, combined with a rapidly evolving threat landscape, is causing enterprise IT security—which traditionally relied on locking data away safely in the datacentre—to go through a dramatic transformation. IT and information security teams need to find powerful new solutions that will keep data safe—wherever it might be. The time for change in the enterprise is now—from the C-suite to the knowledge worker,” concludes Rick Orloff, CSO at Code42.