Fifty years ago, the answer to that question was straightforward: “Yes, it’s in the locked filing cabinet.” Fifteen years ago, the answer still was pretty clear: “Yes, it’s on the server in the cage downstairs.”
These days, with so much rapid technological innovation occurring at a mind-bending pace, that same question proves increasingly difficult to answer.
Your company data could be on an employee’s phone, on their tablet, in their dropbox account, on a facebook page, in a LinkedIn entry, in someone’s gmail account, on a salesforce.com server somewhere…
And new risk dynamics will emerge on an almost daily basis. As just one example, when one of your employees uses a rental car and connects to its Bluetooth interface, the car stores your employee’s call logs, and this data is accessible for the next renters to find.
The data security threat is compounded as younger people, raised on technology and ever-expanding mobility, join the workforce. According to a recent study conducted by CSOonline, younger people have lower expectations of their own responsibility for corporate security with “half of all respondents to the study say[ing] that data security is not their responsibility, and 30 percent believe there should be no individual penalty at all for data lost from a mobile device.”
As your data continues to reside in more and more places, there is an increase in the risk that hackers or disgruntled employees will take advantage of this vulnerability. One safeguard companies are putting in place is cyber-security insurance which, according to David Derigtiotis, VP and Director of professional liability insurance for Burns & Wilcox, “was a $2 billion market in the U.S. last year. It would be a $10 billion segment if business owners were educated.” But insurance only mitigates the loss, how can a CIO prevent the loss in the first place?
For starters, one must follow the old adage: “You can’t manage what you can’t measure.” Tracking where your data resides and categorizing it into risk profiles will allow an enterprise to set policies and make sure they are focused on protecting the highest value data from ending up in the wrong place. Also, a data inventory will allow an enterprise to set security parameters and thresholds by which to measure different data storage options. For example, if you know your employees are using their own personal cloud storage applications, you can steer them towards a corporate sanctioned cloud storage solution. Or, if you know your employees are keeping important company data on their smart phones, you can ensure you have a mobile device management solution in place to protect that data in case the phone gets lost or stolen.
The flow of enterprise data will continue to follow technological innovation faster than IT departments can regulate. Understanding where your data is and having the ability to minimize risk without significantly curtailing your company’s productivity are quickly becoming some of the top priorities for CIOs.