While high-profile thefts of customer data from large retailers like Target Corp. and The Neiman Marcus Group Inc. have garnered headlines, they largely have failed to lead e-retailers and other companies to bolster their security procedures, according to a new report by Ponemon Institute LLC. The report was commissioned by Informatica, which sells software and services aimed at helping companies organize their data.
The report, “The State of Data Centric Security,” is based on a survey of 1,587 information technology executives whose jobs involve protecting sensitive or confidential data. The participants came from 16 countries.
Only 51% of respondents say that securing or protecting that data is a “high priority” within their company.
That’s despite 72% of respondents saying their company suffered a data breach within the previous 12 months. Among those who suffered breaches, 58% say that the incident could have been avoided with more effective security technologies and 57% say they wished they had had more skilled personnel with data security responsibilities.
79% of respondents say that not knowing where sensitive and confidential data resides is a serious security risk facing their companies, and 59% of retail respondents say that not knowing where sensitive data is located “keeps me up at night.”
The problem with many retailers’ processes is that too many employees can access sensitive data, which they may then be able to export out of the company’s network to software hosted by outside companies, such as cloud-based customer relationship management programs, says Julie Lockner, Informatica’s vice president of marketing and business development.
“Those decisions are made outside of I.T. and I.T. might not even know about it,” she says. “And once it’s out there, getting it under control is like herding cats.”
She suggests using tools like policy workflow automation that alert I.T. when an employee is trying to copy sensitive data.
“Retailers have a ton of data classified as customer data that everyone wants for analytics,” says Lockner. “But to be safe, retailers need processes to avoid having that data proliferated outside I.T.’s control.”