ATLANTA and LONDON, April 27,
2017 /PRNewswire/ -- Corporate data governance programs are
difficult to establish and enforce. For the most part, these
programs lack the necessary people, processes and technology to
effectively fend off security threats, data breaches, regulatory
fines and lawsuits. The two weakest links in a company's data
governance program are uncontrolled user access to data (53
percent) and managing where data is stored (43 percent), according
to the "Data Governance Inside the Enterprise" research study
released by Blancco Technology Group today.
Data protection and regulatory compliance are further
complicated by the fact that organizations are often too lenient in
allowing employees to transfer data inside and outside their
organizations. For instance, 69 percent of the surveyed IT
professionals admitted they allow employees to transfer data onto
their personal mobile devices with only minor limitations and 33
percent allow employees to move data to cloud providers, such as
Dropbox, without any restrictions at all. On top of this, 47
percent of organizations either have limited visibility or no
visibility at all into how employees move data offsite.
Key findings from the study include:
- Organizations are more concerned with protecting corporate
reputations than passing audits and avoiding regulatory
penalties. 48 percent of organizations said their biggest
concern with data protection regulations is protecting their
reputations, while only 38 percent are worried about passing audits
and 40 percent are concerned with avoiding penalties.
- Unstructured and dark data are growing liabilities for
organizations. Despite IDG's prediction that 93 percent of
digital data will be unstructured by 2022, only 41 percent of
organizations have a central repository for managing unstructured
data. Meanwhile, 34 percent either don't have any tools in place to
manage unstructured data or are in the process of investigating the
necessary tools.
- Data classification is an important step in laying the
foundation for data protection and regulatory compliance. 58
percent classify data according to legal requirements, while 56
percent classify data based on how sensitive it is to unauthorized
disclosure/modification and 43 percent classify it according to its
perceived value to their organization. However, 5 percent don't
know how data is classified inside their organization, while 13
percent either don't classify data or don't know if they do.
- The absence and non-enforcement of data removal policies
conflicts with EU GDPR's 'right to erasure.' 13 percent of
organizations don't securely erase digital files and folders that
are no longer needed or used. On top of this, 16 percent don't have
a data removal policy for when data is no longer needed and 22
percent don't have written data disposal/destruction policies to
handle data that's no longer needed.
Overall, the study highlights a common, yet unfortunate reality
in most enterprises today – what you don't know can hurt you. One
such unknown is the amount of time that data should be retained. In
particular, 22 percent of the surveyed IT professionals admitted
they keep data forever, while 18 percent said they keep data for a
set amount of time regardless of data type.
"The reality is that many organizations adhere to a 'storage is
cheap, keep everything' mentality," said Richard Stiennon, Chief Strategy Officer,
Blancco Technology Group. "Data hoarding as a practice can be
dangerous, as we saw during the Yahoo hack last year when hacker
'Peace' leaked four-year-old data from 200 million Yahoo accounts
onto the dark web. Organizations need to learn that, as data ages,
its usefulness declines. In actual fact, all retained data is a
liability for discovery, breach, theft or loss. When its value is
less than the liability, when customers demand it (i.e. closing out
accounts) and when regulations require it, organizations need to
permanently erase the data so it can never be recovered and result
in another situation like the Yahoo breach."
About Blancco Technology Group
Blancco Technology Group (AIM: BLTG) is the de facto standard in
data erasure and mobile device diagnostics. The Blancco Data Eraser
solutions provide thousands of organizations with an absolute line
of defense against costly security breaches, as well as
verification of regulatory compliance through a 100% tamper-proof
audit trail. Our data erasure solutions have been tested,
certified, approved and recommended by 18 governing bodies around
the world. No other security firm can boast this level of
compliance with the most rigorous requirements set by government
agencies, legal authorities and independent testing
laboratories.
The Blancco Mobile Diagnostics solutions enable mobile network
operators, retailers and insurers to easily, quickly and accurately
identify and resolve performance issues on their customers' mobile
devices. As a result, mobile service providers can spend less time
dealing with technical issues and, in turn, reduce the quantity of
NTF returns, save on operational costs and increase customer
satisfaction.
For more information, visit our website at www.blancco.com.
Media Contacts:
SHIFT Communications for Blancco
Technology Group (US)
David Heffernan, Account Manager
T: (617) 779-1839
E: blancco@shiftcomm.com
SAY Communications for Blancco Technology Group (Europe)
Robert Hickling, Senior Account
Manager
T: 44 (0) 20 8971 6427
E: blancco@saycomms.co.uk
Blancco Technology Group
Ragini Bhalla, Senior Director of
Global Communications
E: ragini.bhalla@blancco.com
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/uncontrolled-user-access-to-data-mismanaged-storage-locations-and-data-hoarding-poke-large-holes-in-corporate-data-governance-programs-300446247.html
SOURCE Blancco Technology Group