As big data hitches its trailer to the cloud computing bandwagon, organizations are collecting and storing a vast amount of data in data centers. Knowing this fact, it should come as no surprise to IT professionals and business leaders that data breaches are happening with more frequency. This begs the question, however, if corporations have knowledge of where data is stored in order to protect it. After all, if all information is considered to be equal, there might be some lapses in security and a lack of sufficient protocols. A recent report from the Ponemon Institute found that confidential data is often invisible to IT teams, leading to gaps in security.
The main problem seems to be that data security, while taken seriously, is not a priority for IT departments. Despite the report stating that 79 percent of IT professionals admitted not knowing where sensitive information is stored poses a large risk to corporate security, only 51 percent of them considered protecting that data to be a high priority. This problems come in two forms, however.
Locating big data
Structured data, information found in business applications such as enterprise resource planning tools and corporate resource management programs, is important to protect as it can contain financial details and other company metrics that can be stolen and used for fraudulent activities. Confidential structured data gets a little bit more attention, as Ponemon found that only 24 percent of survey respondents do not know where to find it in their IT environments.
Then there is unstructured data, which is collected from emails, contact books, phone systems and internal messaging. This is equally crucial to protect because some could give away trade secrets and financial information if employees are not using email encryption tools. Despite the importance of securing that data, the Ponemon report discovered that 41 percent of IT professionals do not know where sensitive unstructured data is located in data centers.
Together, structured and unstructured data are called big data. This big data can drive business decisions and affect processes when utilized properly. Losing any of this would not only make the news, but it could cause the company to lose valuable insights. IT departments are working on protecting both forms of big data, but is that enough? Ponemon researchers found that structured data is protected with application level access controls 62 percent of the time, while it was only encrypted in databases for 47 percent of the survey cases. Unstructured data, on the other hand, lacks those security measures and relies on being classified as sensitive data 54 percent of the time - which, when compared to the other statistics, means that it receives little in the way of protection.
The common security practices
Organizations are collecting so much big data that they have turned to seeking out security professionals. Data Center Knowledge reported that data centers administrators and cloud providers are "desperately" seeking IT professionals with skills in data protection. According to the source, employees need to know the intricate working of LAN, WAN, cloud security models and security virtualizations.
However, the Ponemon report found that data asset protection procedures are lacking in quality, poorly conducted or not completed at all, which suggests that businesses cannot find the IT staff necessary to properly protect sensitive corporate information. This is putting organizations at risk of data breaches. The areas of data protection that are lacking could easily be addressed by third-party data center security-as-a-service providers.
For example, 65 percent of organizations do not have data forensics capabilities, according to the study. If a breach occurred there would be little that these companies could do to solve it, and in the process, they would end up spending far more than it would have cost to implement these protocols from the beginning. Even more risky, 61 percent of IT departments do not monitor data transfers to and from third-party locations, a task at which security providers excel. Organizations could be infiltrated with malware and not discover it for months, similar to the most recently publicized data breaches.
For unstructured data contained in emails, the statistics are just as disappointing. The Ponemon researchers wrote that a majority of organizations lack the following six data protection practices: digital forensics, data redaction or data de-identification, detection and containing of data leakage, data access policies across the business, data monitoring and the revoking of access rights after an employee is terminated.
IT professionals are completely aware that security protocols are a necessary component of big data, before and after it is analyzed. They must either lack the skills and know-how or simply do not want to spend the time protecting data. Third-party security services will be the only chance that organizations have at guaranteeing their big data is safe from cybercriminals and malware.