2014 Data Protection
Maturity Survey
Results and Analysis

Chris Merritt | Solution Marketing
January 28, 2014

2014 Data Protection Maturity Survey: Results and Analysis

  1. 2014 Data Protection Maturity Survey: Results and Analysis. Chris Merritt | Solution Marketing. January 28, 2014. PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION. source: http://ec.europa.eu/justice/data-protection/minisite/images/cartoon-users.jpg
  2. Data Privacy Day 2014. National Cyber Security Alliance: http://www.staysafeonline.org/data-privacy-day/
  3. Data Protection Maturity Survey
     • What is the purpose of this survey?
     • Why should organizations be concerned?
     • How was it constructed?
       » Technical Controls contribute 40% of the score
         • Considers not just controls in place but their effectiveness
       » Administrative Controls contribute 25% of the score
         • Quantifies the impact of policies and non-technical controls
       » Organizational Motivation contributes 35% of the score
         • Assesses internal and external factors driving data protection
     • Maturity classifications
       » Optimal – Organizations that are characterized by best-of-breed data security
       » Operational – Organizations that demonstrate adequate or “good” security
       » Standardizing – Organizations that show some commitment and have some technical controls in place but are still working on data protection maturity
       » Ad Hoc – Organizations that merely react to security events as they occur
  4. 2014 Survey Results
  5. Incidents (Compare): Have you experienced any of the following incidents in the past year (even if your security systems prevented compromise)? (Select all that apply).
  6. Access Policies (Compare): Which of the following best describes your firm's policy for network access for personal devices such as smart phones and tablets?
  7. Technologies (2014 Only): Which of the following technologies does your organization currently use, or plan to deploy within the next 24 months?
  8. Technologies (Ranking): Which of the following technologies does your organization currently use, or plan to deploy within the next 24 months?

     Key: 1 = highest ranked, 9 = lowest ranked

     | Technology | Currently deployed 2014 | Currently deployed 2013 | Currently deployed 2012 | Plan to deploy 2014 | Plan to deploy 2013 | Plan to deploy 2012 | No plans 2014 | No plans 2013 | No plans 2012 |
     |---|---|---|---|---|---|---|---|---|---|
     | DRM (Digital Rights Management) | 9 | 9 | 9 | 7 | 6 | 8 | 1 | 1 | 1 |
     | Full DLP (Data Loss/Leak Prevention) | 8 | 8 | 7 | 3 | 1 | 9 | 2 | 3 | 2 |
     | DLP Lite (limited keyword / regex filtering) | 7 | 7 | 8 | 1 | 3 | 2 | 3 | 2 | 3 |
     | Application data encryption (e.g. database) | 6 | 6 | 6 | 6 | 3 | 4 | 4 | 4 | 4 |
     | Email encryption | 5 | 4 | 5 | 4 | 8 | 5 | 5 | 5 | 5 |
     | Whole disk encryption | 4 | 3 | 3 | 5 | 6 | 6 | 6 | 6 | 6 |
     | Port / Device control | 2 | 2 | 2 | 9 | 3 | 3 | 7 | 7 | 8 |
     | Mobile device management | 3 | 5 | 4 | 2 | 2 | 1 | 8 | 9 | 9 |
     | Removable media or file encryption | 1 | 1 | 1 | 7 | 9 | 6 | 9 | 8 | 7 |
  9. Data Security is Strategic (Compare): How much do you agree with this statement? "Data security is a strategic initiative across the enterprise."
  10. Data Security is Strategic (Trend): How much do you agree with this statement? "Data security is a strategic initiative across the enterprise."
  11. IT Security Budget (Compare): How much of your IT budget is spent on IT security? Use your best estimate. Average Pcts: 2014 = 6.09%, 2013 = 5.63%, 2012 = 6.13%
  12. Resource Availability (Compare): How much do you agree with this statement? "My organization has sufficient resources to achieve compliance with data security policies and best practices."
  13. Resource Adequacy (Trend): How much do you agree with this statement? "My organization has sufficient resources to achieve compliance with data security policies and best practices."
  14. Organizational Motivation Trends

      | | 2012 | 2013 | 2014 | Trend |
      |---|---|---|---|---|
      | Strategic Avg | 1.32 | 1.31 | 1.39 | ↑ |
      | Budget Avg | 6.13 | 5.63 | 6.09 | ≈ |
      | Resource Avg | 0.77 | 0.68 | 0.57 | ↓ |
  15. Regulatory Impact (2014 Only): Is your organization compliant with the following regulations, or do you plan to be compliant within the next 24 months?
  16. Data Protection Guidelines (Compare): Which of the following organizational guidelines are included in your employee agreements? (Select all that apply)
  17. Mobile Programs (Compare): How are personal mobile devices, such as phones (and tablets), financially and administratively managed within your enterprise? (Select all that apply)
  18. Mobile Programs (Trend): How are personal mobile devices, such as phones (and tablets), financially and administratively managed within your enterprise? (Select all that apply)
  19. Training (Compare): What type of data protection training is offered at your organization?
  20. Data Protection Policies (Compare): What type of IT data protection policies exist?
  21. Cloud Storage (2014 Only): Do your employees use personal cloud storage (e.g., Dropbox, iCloud, SkyDrive, etc.)?
  22. 2014 Maturity Model
  23. A Model for Data Protection Maturity 5000+
  24. A Model for Data Protection Maturity 5000+
  25. Rising to the Challenge
      • Creating Policies
        » Ad Hoc: Minimal or No Security Policies
        » Optimal: Comprehensive & Exhaustive
      • Enforcing Policies
        » Ad Hoc: Limited Technical Controls
        » Optimal: Robust Technical Controls
      • Educating Staff
        » Ad Hoc: One-Time or No Training
        » Optimal: On-Going, Formal Training
  26. Additional Information
      • DPD 2014 Resource Center: https://www.lumension.com/2014-Data-Privacy-Day.aspx
      • Free Security Scanner Tools: https://www.lumension.com/resources/premium-security-tools.aspx
        » Application Scanner – discover all the apps being used in your network
        » Device Scanner – discover all the devices being used in your network
      • Reports
        » 2014 Data Protection Maturity Report: https://www.lumension.com/resources/free-content/Lumension-2014-Data-ProtectionMaturity-Report.aspx
        » SC Magazine Security Brief - Under the Radar: https://www.lumension.com/resources/free-content/SC-Magazine-Security-Brief-Under-the-Radar.aspx
  27. Global Headquarters: 8660 East Hartford Drive, Suite 300, Scottsdale, AZ 85255. 1.888.725.7828. info@lumension.com
