Unstructured data poses security risk, survey finds
Slack internal governance rules blamed.
By Brian Fonseca, Computerworld (US online) | Published: 14:07, 02 July 2008
Corporate information stored on file servers and network attached storage (NAS) devices is in danger of being compromised according to a new report. This is because IT governance policies and access rules in many companies are incapable of dealing with a massive growth of unstructured data.
The survey by the Ponemon Institute of 870 IT professionals found that only 23 percent believe unstructured data stored by their companies is properly secured and protected.
A wide majority - 84 percent - of respondents said that too many workers at their companies can access critical corporate unstructured data. About 76 percent said their companies have no process in place to control which employees can access specific unstructured data. Such unchecked access could expose internal security gaps and increase the potential for misuse of data, the study notes.
Varonis Systems, a maker of data governance software, funded the survey.
Larry Ponemon, chairman of the research firm, noted that IT managers say that it's difficult to find automated access control processes that can determine the importance of information the moment it's created. About 61 percent of respondents said they cannot keep track of which users access specific unstructured data, and 91 percent said their organisations lack the ability to determine data ownership because of faulty governance policies and a lack of available storage tools that can remedy the problem.
While IT managers continue to spend significant sums of money on storage technology to hold rapidly increasing amounts of structured data, many admit that the complexity of unstructured data still makes it difficult to secure it, said Ponemon.
"What we find is not that they won't spend money on it, but they really don't know how to [resolve the issue] because of the complexity; it's a knowledge issue," said Ponemon.
The respondents said that without adequate controls for unstructured data, the top potential problems are insider negligence and deliberate misuse or theft of information from within an organisation.
For the study, Ponemon defined unstructured data as electronic information residing on file servers and NAS devices that is not stored in a database or in a document/content management system. He said it can include: email, instant messages, Microsoft Word documents; PowerPoint files; electronic spreadsheets; and source code.
