No Control of Unstructured Data

No Control of Unstructured Data

By Greg McNevin

July 2, 2008: A new study from Varonis Systems and the Ponemon Institute highlights the problems modern organisations are having controlling access to unstructured data.

Titled the “Survey on the Governance of Unstructured Data,” the study shows the need for organisations to control access to unstructured corporate data such as spreadsheets, documents, presentations, blueprints or any data stored and accessed on file servers and Network Attached Storage (NAS) devices.

The study surveyed 870 individuals who work in IT operations and have an average of approximately 10 years of IT and business experience. According to the survey, 89 percent of survey respondents admit that controlling access to unstructured data is very challenging.

Additionally, nearly 70 percent feel that access to their unstructured data by employees is very often unwarranted, and worse, they are unable to monitor and control access. All up an unimpressive 84 percent of organisations say their unstructured data is accessible by people with no business need for access.

As unstructured data makes up the vast majority of digital business assets, ensuring access is governed by strict policies in an imperative. Especially considering that the amount of unstructured data is growing exponentially.

The survey also found that 91 percent of organisations lack a process for determining data ownership, and 76 percent can’t determine who can access unstructured data. 61 percent also have no process for monitoring what users are accessing, despite 84 percent believe controlling unstructured data access will remain important or get more important during the next two years.

“Our study exposes a serious flaw in the data security processes of many companies in that inadequate data governance may afford improper access to sensitive information by unauthorised individuals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“Research by the Ponemon Institute and other organisations consistently shows that insiders present a huge threat to data integrity; without proper governance mechanisms in place it is all but impossible to prevent these insiders from accessing information inappropriately.”

Comment on this story