What are S&R pros doing about data security and privacy?
So we know that data security is a priority, but what does that mean?
Published 12:00, 23 September 12
- Data security is a top priority and commands a sizable chunk of budget. A majority of organisations (91
percent) cite data security as a critical or high priority and allocate, on average, 16
percent of security technology budget to this area. Hot focus areas include database vulnerability assessment, monitoring, and auditing, with 24
percent of firms planning to invest here, and data leak prevention (DLP), with 22
percent of firms planning investments in this area.
- Consumerisation fuels data security concerns, but protection is lacking. Data loss and protection are top mobile security concerns. Most firms have policies to address consumerisation (85 percent have a smartphone security policy, and 76 percent have a tablet security policy), but enforcement tools are lacking. Despite high concerns, many firms are either doing nothing for mobile data protection (23 percent) or only implementing baseline device security policies (38 percent) like password entry and remote lock and wipe.
- Privacy responsibilities go beyond the security group. Data security is primarily a security group responsibility. Privacy responsibility cuts across various business units and groups, and privacy officers and third-party privacy support are also called in to help. Privacy professionals surveyed by the IAPP tell us that top drivers for funding privacy include meeting compliance (54 percent) and reducing risk of data breach notification and publicised data breaches (50 percent).