Your SlideShare is downloading. ×
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013

154

Published on

IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013

IDG Connect - Secure Business Communications: Protecting sensitive data in the private and public sectors - Survey December 2013

Published in: Education, Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
154
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. OpenText survey Infographic summary Why, who, what? Secure Business Communications: Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com Protecting sensitive data in the private and public sectors Survey conducted by IDG Connect on behalf of OpenText
  • 2. OpenText survey Infographic Summary Why, who, what? Information privacy is a constant challenge for organisations Do you consider your electronic communications to be secure? Ways to communicate 27% desktop fax 33% Security satisfaction 73% memory stick email @ Data breaches Storing information About fax secure not secure Organisational policy PDF Future plans 46% What are the key factors that influence your organisation’s policy on communicating sensitive data? 5% 8% 28% 85% 33% 29% PDF via email What are your business and technical plans for the next 12-24 months? 58% reduce costs improve customer service grow revenue n io af f sl gi le y ith bi lit w la e ai co m pl ia nc av at st to st co us e se of r ea ot he y 31% ic 41% automate processes other po l 53% improve regulatory compliance move toward cloud/ hosted services no IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com 27% paper fax Conclusion 19% 38% 34%
  • 3. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com The global information security challenge Sensitive data is regularly faxed to the wrong number, visible on mislaid unencrypted laptops, or unsecured on PCs sold off or discarded with hard drives still full of data. Failing to protect data provokes serious trust and financial consequences for organisations across all industries and borders. In light of the attention given to reports of data security breaches, we’ve been talking to decision makers in three sectors in which data protection is mission critical - namely finance, health, and government. Focusing on these three security-conscious industries, this survey reports the current state of data security in the United Kingdom, Ireland and South Africa. Our researchers talked to people who understand the importance of data protection in their organisations, e.g. management and decision makers in legal, compliance, IT governance and business management roles in organisations with more than 250 employees. We used this survey to gauge their satisfaction with the way they manage the exchange and storage of sensitive information today, and to examine that in the context of their future business and technical priorities. Organisations in both the public and private sector face demanding data security challenges. They interact with a very large number of individuals for whom they need to store vast quantities of personal information, such as healthcare histories, bank account details or tax information. They often need to share that information safely across branch offices and agencies to deliver effective services. That means not only storing data safely onsite or with service providers, but also creating a secure system for transferring data physically or electronically. Many of these organisations implement regular changes in how services are delivered, by whom, and when. Commercial enterprises acquire each other, or can be required to spin off some activities. Healthcare providers can be merged across geographies to create regional networks and centres of excellence and to improve overall service. Central and local government departments are formed and re-formed to meet evolving needs. These changes have an impact on data protection. As structures change and organisations or departments merge, these entities must align their IT policies and processes to ensure business continuity. At the same time, these organisations are faced with increasingly complex data protection regulations and hefty penalties for compliance failure. The cost of failure must be balanced against the investment that may be needed to ensure compliance. Beyond their need for privacy and security, many healthcare providers find their greatest records management challenges simply in handling the volume of communications coming in and out of the office. Notifications, bulk emails, and other regular communications should be automated. All of this must be addressed against a background of economic downturn and the constant need to control costs. Our research shows how satisfied organisations are with their current approach to the protection of sensitive information, and how data security fits into their business strategies for the next two to five years.
  • 4. OpenText survey l ai em l ai em by F PD r ie ur co 37% po s Memory sticks, providing a highly portable but easily misplaced means of communication, are used by 34% of respondent organisations. 40% t When originals of documents – or information that doesn’t fit into an electronic format – must be transferred, these remain the most common methods of data exchange. A courier is more secure and faster than post, but comes at a higher cost. PDF k st ic y x Comparison across the three countries surveyed produced some marked cultural differences in the preferred method of data protection and exchange. In the UK, only about half of all 32% 30% fa Other methods used include FTP, managed file transfer and electronic data interchange – mentioned by 16% of organisations. 34% or Fax has traditionally been a fast and favoured way of sending and receiving information. Today about a third of organisations use fax – either with paper-based devices like fax machines or MFPs, or electronically from the desktop or mobile device. Without effective policies in place to check that the intended pages are being sent to the right recipient, fax can be problematic for data security. ax IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com 48% em Conclusion Couriers are used by 40% of the organisations surveyed, while post is used by 37%. @ rf Future plans 87% c Organisational policy Portable document format – PDF – is a popular method for sharing documents because of its breadth of compatibility with the most commonly used operating systems and applications. Supporters of the PDF format point out that data in these documents is also protected by optional access rights. m About fax pe Storing information How do you communicate sensitive information? ni Data breaches The research shows that email is by far the most popular method of business communication. Nearly 90% of respondents to our survey use email, and almost half send information in PDFs via email. From the data protection point of view, email has the benefit of being sent directly to an individual’s mailbox, provided the right address has been selected. It’s a low-cost option, and email provides an audit trail to track the movement of information. pa Security satisfaction respondents reported using fax, (26% for paper fax and 23% for electronic fax). Irish organisations show a higher tendency to use post (46%) and courier (42%). While all countries use email more than any other method, South Africa leads the way, with 95% of organisations mentioning email, and 54% saying they use PDF via email. Financial institutions in all three countries reported the highest fax use. tro Ways to communicate This survey provides an insight into how organisations prefer to communicate sensitive information, based on each method’s value in terms of security, ease of use, and cost. ec Why, who, what? The predominance of email in communicating sensitive data el Infographic summary
  • 5. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Are organisations satisfied with their electronic processes for communicating sensitive information? Paper fax is considered to be secure by 27% overall, with the highest positive response coming from the financial sector, at 30%. Electronic fax is trusted by 27% of respondents overall with the financial sector again showing the most confidence at 32%. Less than a quarter of healthcare and government respondents believe paper or electronic fax to be secure. In this question we looked specifically at electronic forms of data transmission, and asked respondents to rate how they viewed the security of each method on a scale of 1-5. We found that the majority of respondents are satisfied with the security of the methods they currently use to communicate sensitive information. Email is both the most used and the most highly rated data delivery option. Comparing sectors, our researchers found that 75% of finance and government and 66% of healthcare respondents believe that email is secure or very secure, while an average of 6% have concerns about security of email. Future plans UK respondents returned slightly lower scores than other countries in all areas, while Ireland provided the greatest number of “not secure” ratings. The perceived security of sending PDF via email is significantly lower than the perceived security of just sending standard email. Our findings show 49% and 50% of financial and healthcare respondents believe it to be safe (respectively), compared to only 42% of government respondents. Conclusion Key International Comparison Findings Satisfaction ratings were lower again for memory sticks with a third of respondents across all surveyed industries believing they are secure. Organisational policy IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com We believe that how respondents rated these methods is likely to be influenced by the internal policies and how well they are applied within the organisation. In any organisation, there may well be clearer guidelines on the use of email than the use of fax, for example. While legislation and regulation threaten organisations with penalties for losing and misdirecting sensitive data, there is also help available to avoid problems. Organisations such as the UK Information Commissioner publish help on how to formulate policies to protect data across the enterprise. Fax is not considered to be a particularly secure option – though surprisingly electronic fax from the desktop is seen as less secure than paper fax overall. Yet according to our research, around a third of organisations are still using fax to communicate information. Do you believe the way your organisation communicates sensitive data electronically is secure? desktop fax 27% 33% 73% memory stick email @ secure not secure PDF paper fax 27% 46% PDF via email
  • 6. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com Is data security working? We asked organisations about their history of data breaches in the electronic transmission of sensitive information. Very few organisations told us they had suffered any form of breach in the last five years. Data breaches using different communication methods in the last five years There were no real trends in the responses, especially as the numbers are so low. No one method is considered by the respondents in the survey to be particularly unsafe, though email is both the most mentioned and most used option. The breaches were evenly spread across all three surveyed countries, and the numbers again are too low to ascribe any significance to the differences. In addition to the problems with misdirected faxes explained later, the UK has also seen laptops lost containing sensitive information, redundant hard drives sold on without their contents being wiped first, and even refurbished photocopiers turning up at auction complete with history from previous owners. A UK hospital that left sensitive information on redundant hard drives was fined £325,000 (about US$506,830) by the Information Commissioner. That’s a major dent in any healthcare sector budget. Other reports have found breaches caused by theft, loss, unauthorised access and distribution, combinations of human and technological error, and improper disposal. 4% 2% 1% <0.5% <0.5% 1% Several factors might influence for reticence in owning up to problems. Admission of breaches can lead to fines under some government legislation, as in the UK cases. While our survey is entirely voluntary, it has been mooted by industry experts that organisations might be deterred from notifying official bodies about security breaches because they cannot afford the consequences – especially in the public sector where expenditure is particularly closely scrutinised and widely debated. email post or courier At the same time, no public or commercial organisation is likely to welcome the attendant negative publicity it invites when a breach is discovered. other PDF via email The other explanation is that none of the organisations really has suffered a breach – which would explain the high satisfaction ratings we found with the way organisations share their information. memory stick fax
  • 7. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans The state of information security in data storage Protecting data is not just about how it’s communicated. We also wanted to know how organisations felt about how they store data, be it in-house or through a third party. More than half of the organisations in our survey use content management systems (CMS) such as SharePoint and Content Server to store sensitive data. Other technologies commonly used to store data include automated backup, secure servers, SANs, encryption, print and file, computer desktop, and email folders. Many organisations combine technologies, mentioning that the choice is dependent on the data being stored. From a sector-by-sector perspective, CMS is mentioned most often by the financial respondents as a primary method of storage. Automated backups are slightly more common in government than in the other sectors. Print and file is used more in healthcare than in the other sectors. Nearly half of respondents believe that they face no challenges in document storage methods. Of those who did see challenges, the greatest number (22%) cited keeping up with demand. Meeting regulatory compliance was mentioned by just 14%. This suggests that organisations are content with their document storage processes and most believe they handle sensitive information well at present. Changing work practices may challenge organisations to reconsider how they protect stored data. The trend toward a bring-your-owndevice approach to business, increased IT outsourcing, and the growing interest in cloud computing could all have detrimental effects on data security if not addressed effectively. What are your challenges in data storage? no challenges Conclusion How do you store sensitive information? 48% content management system 17% 22% automated backup print and file 11% computer desktop email folders 2% other 2% 5% 55% IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com keeping up with demand archiving and purging old documents accessibility 22% 14% 16% meeting regulatory compliance 17% 11% finding documents once filed controlling access
  • 8. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Is there a future for fax? Fax appears to have had its day, according to our respondents. Well under half of organisations expect to still be using fax in two years’ time. While 39% say they will still be using electronic fax, those who will be using paper fax (20%) will often only do so as a last resort. That there will be no use of fax in two years’ time is most mentioned by UK organisations. On the other hand, 9% mentioned faxing via the cloud, and electronic and cloud-based faxing was endorsed more in South Africa than anywhere in the survey. The results are not altogether surprising. The high-profile coverage of data breach fines incurred recently in the UK show that without effective policies in place, faxes can easily go astray. Recently UK County Council employees involved in childcare litigation accidentally sent faxes to the wrong recipients on two different occasions. The first was intended to be sent to a barristers’ chambers but reached a member of the public instead, while the second went to a law firm unrelated to the childcare case. Both contained highly sensitive information. In another incident, an NHS Trust providing public healthcare was fined £90,000 (about US $140,355) after personal data–including diagnoses–belonging to 59 patients was faxed to a member of the public 45 times over three months. The UK Information Commissioner said that the Trust simply did not have enough checks in place. Although perhaps not as widely provided as for email, there are guidelines available for safer faxing. They regularly focus on doublechecking numbers, phoning ahead to advise recipients that the fax is on its way, providing a cover sheet with the number of pages clearly marked, and instructions on what to do if the fax is received in error. Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com How will fax be used in your organisation in two years’ time? 42% 49% 41% 37% 23% 15% 13% Government Finance 45% 39% 25% Healthcare 9% 5% no fax paper fax in-house managed electronic fax fax through the cloud
  • 9. OpenText survey Infographic summary What influences organisational policy on communicating data safely? Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans We were interested to know what influences organisational policy on communicating sensitive data. The vast majority of respondents (85%) put compliance with data protection legislation and regulations at the top of their list, and more so in Ireland than any other country. About 5% said they had no policy. Around a third also talked about availability of staff, cost, and ease of use as factors. Cost featured more for the UK than for the other countries. Cost was more important in government than in the other sectors. South Africa reported the most organisations without any policies in place, and this may reflect the different rates at which the countries surveyed are developing legislation. Increasing regulation across all surveyed industries is likely to have an impact on policies and procedures in the future. Already, financial organisations are challenged by the constant threat of attempts at fraud, as well as the need to regulate their own behaviour in light of recent turmoil. In addition, if they wish to trade internationally, regardless of the legislation in their own countries, they will also need to take into account the demands of the nations in which they wish to operate. In healthcare and government there are rules in place in many countries to protect the privacy of the individual. For government there is also the balance of making information available when it’s requested, such as in the UK with the Freedom of Information Act, against the need to protect individuals’ right to privacy. Implementing policies and procedures is only half the battle. The UK Information Commissioner has observed that those regulations must be followed more closely on the ground. Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com What influences your organisational policy on how to communicate sensitive information? 82% 36% availability to staff ease of use 29% Finance data protection compliance cost 28% 91% 85% 28% 34% 25% Healthcare 22% 29% Government 35%
  • 10. OpenText survey Infographic summary Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com What’s next on the agenda for organisations? toward cloud and hosted services. Such a move is likely to involve third-party providers, who will also need to ensure they can protect customer data effectively. Some 36% of the finance sector respondents plan to move in this direction over the next 12-24 months, with government (32%) and healthcare (20%) also showing some interest. In today’s continuing economic downturn it’s no surprise that cost reduction is top of the agenda for most organisations in the public and private sectors. Overall, 58% of respondents aim to reduce costs, with the finance sector (62%) and healthcare (61%) leading the way, and government showing slightly less urgency (52%). Many organisations have been working on cost efficiencies for some time already, and may feel they have little left they can do in this area. Improving customer service is also a priority – reflecting a key factor in competitive advantage in the private sector and the drive to meet the needs of the individual in the public sector. It’s finance (57%) that leads the way here, with healthcare not far behind (53%), followed by government (48%). Improving regulatory compliance is on the agenda for 41% (despite reasonable satisfaction on communication and storage we found earlier). Regionally, the UK is more cost conscious, while in Ireland the highest priority is customer service improvement. South Africa reported multiple priorities: cost reduction (59%), improved customer service (57%), improved regulatory compliance (42%), revenue growth (41%), automated processes (39%), and the strongest desire of our surveyed countries to move toward cloud and hosting (39%). The UK’s priorities are, in order: reduce costs (63%), improve customer service and improve regulatory compliance (both 44%), grow revenues (34%), automate processes (31%) and move to cloud or hosted services (24%). The need to grow revenues is not so high amongst our respondents (38%), but with about two thirds of our survey taking place in the healthcare and government sector, that number looks reasonable. For Ireland, 57% want to improve customer service, and 52% are planning to reduce costs. Growing revenues is a goal for 40%, while improving regulatory compliance is cited by 37%, and automating processes is important to 32%. Moving to cloud or hosted services is mentioned by 30%. The drive to become more cost-efficient specifically through automating processes is cited by 34% of our respondents. A significant proportion (31%) of organisations are planning a transition Business and technical objectives for the next 12-24 months 41% 46% 44% 36% 48% 57% 57% 42% 52% 61% 62% 34% 31% 20% 39% 33% 32% 28% reduce cost improve customer service grow revenue improve regulatory compliance automate processes Finance Healthcare Government move toward cloud or host services
  • 11. OpenText survey Infographic summary Organisations believe they are looking after sensitive data well Why, who, what? Ways to communicate Security satisfaction Data breaches Storing information About fax Organisational policy Future plans Conclusion IDG Connect is the demand generation division of International Data Group (IDG), the world’s largest technology media company. Established in 2005, it utilises access to 35 million business decision makers’ details to unite technology marketers with relevant targets from any country in the world. Committed to engaging a disparate global IT audience with truly localised messaging, IDG Connect also publishes market specific thought leadership papers on behalf of its clients, and produces research for B2B marketers worldwide. For more information visit: www.idgconnectmarketers.com Today, when businesses consider data security, it’s not just a matter of an individual or company’s right to privacy, but also of facing the growing raft of regulations that require compliance. Yet our research has found that most respondents are satisfied that the various electronic methods they use to communicate and store sensitive information are sufficiently secure. While we did ask about their history of data breaches, we’re not entirely surprised that very few respondents told us they had suffered in this way. Email is by far the most favoured method of communication for sensitive data, and it’s considered to be sufficiently secure by the majority of our respondents. Fax, on the other hand, is used by fewer organisations today, is considered to be less secure, and is likely to be phased out by many users over the next couple of years. As far as storage is concerned, content management systems are most popular, though how data is stored does often depend on its nature. Nearly half of the organisations we spoke to didn’t believe they had any challenges in data storage, and of those who did, it was keeping up with demand that was the leading issue, not compliance. If organisations are happy they are protecting data adequately, then the technology and the procedures around it must be working well. Most of the organisations we surveyed have data security policies in place, which are naturally influenced by compliance requirements. However, availability to staff, ease-of-use and cost also play roles in how organisations define their policies. While data protection compliance is an important organisational driver for the next 12-24 months, it’s still not considered as important for many as reducing costs or improving customer service. Organisations are also focusing on areas such as automating processes, increasing revenues, and changing their technology service delivery models to cloud or hosting environments. It will be interesting to see if and how this high level of satisfaction with data protection changes as organisations and their technologies evolve, should data protection legislation continue to be more rigorously applied.

×