Protecting sensitive data? Most companies don’t even know where it is

Time and again we hear about the importance of protecting the most valuable data from internal and external leaks. But a new study from Ponemon and Informatica finds that most companies can’t even point to where that data resides, let alone seal it off. 

According to the State of Critical Data Security report:

  • only 16% of respondents knew where all their structured data was stored
  • even fewer (7%) knew where unstructured data was stored, and
  • 24% didn’t know where their structured data was located and 41% didn’t know where unstructured data was located.

If the goal is protecting data – and it certainly should be – this would certainly be at least nice, if not critical, information to have. Take for instance the finding that 79% of respondents said not knowing where sensitive information lies is a significant risk to the organization.

Protections used, but data slips through

The study also provides insight into how companies are trying to protect this sensitive information. In the case of structured data, the top five methods of protection were:

  1. sensitive data classification (68%)
  2. application-level access controls (62%)
  3. database encryption (47%)
  4. database activity monitoring (47%), and
  5. centralized access control for data in databases and applications (42%).

But in the end, all that really matters is the bottom line: 72% of companies in the report had experienced at least one data breach in the previous 12 months. When asked the most critical question, what would’ve prevented that breach from happening in the first place:

  • 58% said better data protection technology
  • 57% said additional data security experts, and
  • 54% said more automation of processes and controls.

Finding your sensitive data protection method

There’s no one way a data breach occurs. And there’s no one way to prevent one from happening either.

It’s best to focus efforts on the following areas:

  • Technology. Automation and technological solutions can help detect data breaches and attempts more quickly and accurately than people often can on their own. Encryption technology is also important to protect you in case of a breach.
  • People. While good security pros may be hard to find, security-minded techs are important to have your team.  Likewise, making sure users are focused on security is always important, and will require quality training.
  • Policies. Whatever your rules on data transfer, make sure they’re well understood and followed by all users all the time.