Corporate Data: A Protected Asset or a Ticking Time Bomb?

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL2
What do over 2000 IT staff & end users
have to say about internal security risks
in their workplaces?

According to a recent
survey conducted by
The Ponemon Institute…

71% of end users say
that they have access
to company data they
should not see.

That’s bad.

54% of those end
users characterize that
access as frequent or
very frequent.

That’s worse.
How much data are we talking about here?

38% of end users
report that they and
their co-workers can
see "a lot of data".

Why is that?

4 in 5 IT practitioners
say their organizations
don't enforce a
strict least-privilege
(or need-to-know)
data model.

That’s bad, too.

But they’re watching
what employees are
doing though, right?

Only 22% of employees
say their organization
can tell them what
happened to lost data,
files, or emails.

So about 78% of
organizations don’t
seem to be watching
very closely.

In a nutshell, employees have access to a lot of
data they don’t need, and no one is watching
what they’re doing – do I have that right?

Yup

The failure of
companies to create and
enforce a least-privilege
model – especially for
confidential or sensitive
data like credit card
numbers or health
records – will most
certainly lead to more
breaches and loss of
critical data.

So poor controls will lead to more breaches.
No surprise there. Is that all?

Not quite. In the
Ponemon study,
most end users and
IT practitioners believe
their organization would
overlook security risks
before they would
sacrifice productivity.

So employees must be
really productive, right?
(If security is so lax…)

Wrong.

73% of end users
believe the growth of
emails, presentations,
multimedia files and
other types of company
data has significantly
affected their ability to
find and access data.

That’s weird –
does IT know that employees can’t find data?

60% of IT practitioners
say it is very difficult or
difficult for employees to
search and find company
data or files they or their
co-workers have created
that isn't stored on their
own computers.

That’s certainly counter-productive –
what about getting access to data?

43% of end users say
it takes weeks, months,
or longer to be granted
access to data they
request access to in
order to do their jobs.

Only 22% report
that access is typically
granted within minutes
or hours.

That’s pretty bad,
too.

What about being able to
share data easily?

68% of end users
say it is difficult or
very difficult to share
appropriate data or files
with business partners
such as customers
or vendors.

How would they prefer to share data?

43% of employees prefer
to use public cloud file
sync and share services
to share data, which
means it’s more popular
than any platform other
than email.

76% of end users
believe there are times
when it is acceptable
to transfer work
documents to their
personal devices…

…while only 13% of
IT practitioners agree.

So end users are sort of doing their own thing…

Yup

So how important is this data we’re talking about that:
we aren’t
protecting well
and can’t really find
anymore or share easily
and storing in the
public cloud when
we feel like it
(even though
IT doesn’t think
we should?)

76% of end users
say their job requires
them to access and use
proprietary information
such as customer data,
employee records,
financial reports,
and confidential
business documents.

So pretty much the
most important
data imaginable.

44% of end users
believe their organization
experienced the loss
or theft of company data
over the past two years.

67% of IT staff say their
organization experienced
the loss or theft of
company data over
the past two years.

74% believe that
insider mistakes,
negligence, or malice
are frequently or very
frequently the cause of
leakage of company data.

Shocker

So everyone is frantically fixing everything, right?

Only 22% of
employees believe
their organizations
as a whole place a
very high priority
on the protection
of company data.

Only 47% of
IT practitioners believe
employees in their
organizations are taking
appropriate steps to
protect company data
they have access to.

Not so much

Ponemon Conclusion
An organization that reduces the amount of
data employees have access to (by implementing
a least-privilege access model, improving data
disposition policies or ideally both) and streamlines
their processes for granting access will likely benefit
from more productive employees.
From: Corporate Data: A Protected Asset or a Ticking Time Bomb?

Could you reduce risk and increase productivity?
FIND OUT.
http://info.varonis.com/assessment

Free Guide:
6 Tactics for Preventing
Insider Threats
Download here:
http://info.varonis.com/
insider-threats-guide

Methodology
The survey report,
"Corporate Data: A Protected Asset or a Ticking Time Bomb?"
is derived from interviews conducted by the Ponemon Institute
in October 2014 with 2,276 employees in the United States,
United Kingdom, France, and Germany.
Respondents included 1,166 IT practitioners and 1,110 end users
in organizations ranging in size from dozens to tens of thousands
of employees, in a variety of industries including financial services,
public sector, health & pharmaceutical, retail, industrial, and
technology and software.

About Ponemon
Ponemon Institute
Advancing Responsible Information Management
Ponemon Institute is dedicated to independent research and education that advances responsible
information and privacy management practices within business and government. Our mission is to
conduct high quality, empirical studies on critical issues affecting the management and security of
sensitive information about people and organizations.
As a member of the Council of American Survey Research Organizations (CASRO),
we uphold strict data confidentiality, privacy and ethical research standards. We do not collect
any personally identifiable information from individuals (or company identifiable information in
our business research). Furthermore, we have strict quality standards to ensure that subjects
are not asked extraneous, irrelevant or improper questions.

About Varonis
Varonis is the leading provider of software solutions for unstructured, human-generated enterprise data.
Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and
migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data
that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video
files, emails, text messages and any other data created by employees. This data often contains an
enterprise's financial information, product plans, strategic initiatives, intellectual property and numerous
other forms of vital information. IT and business personnel deploy Varonis software for a variety of use
cases, including data governance, data security, archiving, file synchronization, enhanced mobile data
accessibility and information collaboration. As of September 30, 2014, Varonis had approximately 3,000
customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities,
technology, consumer and retail, education and media & entertainment sectors.
Join the Varonis conversation on Facebook, LinkedIn, Twitter, and YouTube
and subscribe to our Metadata Era blog.

VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL
Thank You
Name
Email Address
Phone Number

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Corporate Data: A Protected Asset or a Ticking Time Bomb?

Similar to Corporate Data: A Protected Asset or a Ticking Time Bomb? (20)

Recently uploaded

Recently uploaded (20)

Corporate Data: A Protected Asset or a Ticking Time Bomb?