In espionage or military situations, the phrase “need-to-know” is used to describe the restriction of sensitive data. Unless one has a specific reason to access that information, such details are withheld until such time that there is a “need to know.” In other words, the dissemination of sensitive information is limited to the smallest number of people.
With data breaches growing by leaps and bounds, this need-to-know concept should be implemented across the board in agency enterprises. New survey findings reveal, however, that this is not the case. In fact, organizations—if given a choice—would overlook security risks rather than sacrifice their employees’ productivity. In reality, many organizations have to make that choice, and security goes by the wayside when compared with losing business due to setbacks and delays.
In a recent press release, findings from the survey report, “Corporate Data: A Protected Asset or a Ticking Time Bomb?” commissioned by Varonis Systems, Inc. and conducted by the Ponemon Institute are summarized as follows:
- 71 percent of end users say that they have access to company data they should not be able to see.
- 4 in 5 IT practitioners (80 percent) say their organizations don’t enforce a strict least-privilege (or need-to-know) data model.
- Only 22 percent of employees say their organization is able to tell them what happened to lost data, files or emails.
- 48 percent of IT practitioners say they either permit end users to use public cloud file sync services or permission is not required.
- 73 percent of end users believe the growth of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data.
- 43 percent of end users say it takes weeks, months or longer to be granted access to data they request access to in order to do their jobs, and only 22 percent report that access is typically granted within minutes or hours.
- Only 47 percent of IT professionals say end users in their organizations are taking appropriate steps to protect company data accessed by them.
For more details regarding the Varonis/Ponemon Institute study, see the press release in its entirety as well as the study findings.
====
IT SECURITY SUPPORT: Contact Paul Vesely at Blue Mountain Data Systems to discuss how Blue Mountain can provide IT Security Support for your Federal Civilian Agency. Services include Security and Vulnerability Management, Incident Response, Security Audits, Risk Assessment and FISMA Reporting.
====
