To expect data security to be perfect is not realistic. Inevitably, mistakes will happen and data will be lost. But such a realistic view does not mean glossing over those mistakes. If anything, realism compels us to take ever more vigilant measures to assure our customer, operational, and intellectual property data is safe.
But, if recent research tells us anything, many organizations are not taking a realistic view of the importance of their data to invest in systems and processes to protect it. They must live in a fantasy world where guarding data is not that important.
Take the 2012 Global State of Information Security Survey from Pricewaterhousecoopers. PWC's 14th survey shows that 72% of those polled are confident in their efforts to protect data. However, the same executives surveyed admit there has been a steady decline over the past three years in the knowledge of where data is, as well as in the number of companies using ID management, among other deficiencies. PWC calls it a "troubling degradation in core security capabilities." For example, only 41% in the survey have an identity management strategy and, worse, a mere 29% have an accurate inventory about where their data resides, down from 39% in 2009.
This lackadaisical attitude toward data security probably contributed to the frightening results from Verizon's annual Data Breach Investigations Report. The 2012 report revealed "the second highest data loss total since we started keeping track in 2004."
The raw numbers are disturbing. The 855 incidents of data breaches in 2011 resulted in 174 million stolen records. But the truly scary aspect of these breaches is, according to those who reported on the data breaches, 97% could have been prevented through "simple or intermediate controls." In other words, had organizations taken even rudimentary security precautions the number of incidents and records lost would have been a mere handful.
There are numerous technologies, services, and best practices for keeping your information secure. One of the most underused, in my mind, is applying analytics to system event logs. These data sources can be used as an early warning system that someone has potentially slipped through your security net. There's little or no chance that a person can scan these logs and detect a pattern indicating a security breach. But analytics tools, such as Sybase IQ, can do so and do it in real time to help avert a catastrophic loss of information.
Maintaining data security is difficult with so many criminals targeting organizations of all kinds and sizes. But enterprises should not make it any easier for data thieves by overlooking "simple or intermediate controls" and leaving the welcome mat open to them.
Related reading: Invent new possibilities with HANA, SAP's game-changing in-memory software SAP Sybase IQ Database 15.4 provides advanced analytic techniques to unlock critical business insights from Big Data SAP Sybase Adaptive Server Enterprise is a high-performance RDBMS for mission-critical, data-intensive environments. It ensures highest operational efficiency and throughput on a broad range of platforms. SAP SQL Anywhere is a comprehensive suite of solutions that provides data management, synchronization and data exchange technologies that enable the rapid development and deployment of database-powered applications in remote and mobile environments Overview of SAP database technologies