Ponemon Institute: Security and Privacy Lapses From Lack of Enforcement

Ponemon Institute: Security and Privacy Lapses From Lack of EnforcementA new survey says that US companies often have the right security policies and procedures down on paper, but don’t enforce them, leading to vulnerability to cyber attack. The survey was carried out by the Ponemon Institute, a Michigan-based research organization focused on “privacy, data protection and information security policy,” and was sponsored by Zimbra, which offers open-source collaboration software. The bottom line number is that 44% of US companies fail to enforce security and data privacy policies, with a further 34% reporting they enforced those policies in only some cases.

Don Tennant at IT Business Edge interviewed Olivier Thierry, the CMO at Zimbra, in order to find out why this is happening. Thierry’s answer? “Shadow IT.”

That stands for IT solutions that don’t have your IT department’s blessings, but are being used by your employees because they are far more user-friendly than your corporate-IT sanctioned solutions. However, many of those user-friendly quick-fixes are frighteningly insecure. Corporate apps also need to be user friendly if companies want to tamp down on shadow IT, according to Thierry, who conveniently used the platform to tout his company’s software. Thierry also gave some great advice about how to securely transfer sensitive data, in addition of course to being user friendly:

  • It is an absolute must that information be stored and transferred securely and privately, chiefly through the application of cryptographic mechanisms.
  • Access control and identity management are also measures that should be put in place, including two-factor authentication, rights, and authorization management.
  • Understanding data locality is increasingly becoming a necessity, as regional and national governing bodies put data protection and privacy regulations in place.
  • Maintaining compliance, as it applies to your company, is a minimum nowadays.

See bullet number 2 there: if you don’t already, you need to get an Identity and Access Management and Control solution with at least those characteristics. A good solution will help you do the other bullet points, too. You can check out the top IAM solutions in our free 2015 Buyers Guide.

Follow Doug

Doug Atkinson

President at Solutions Review
An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.
Follow Doug