Varonis says workplace consumerisation of technology highlights dangers of data portability
September 2011 by Varonis
Varonis Systems Inc., Research just released shows that almost two-thirds of IT professionals are concerned about security issues associated with the use of personal devices in the workplace and highlights the fact that data in the digital age has become as portable as the devices it is stored on, says Varonis Systems.
According to David Gibson, director of technical marketing and strategic accounts with the the provider of comprehensive data governance software, this major study highlights the fact that almost 90 per cent of employees use their own laptops, tablet computers and mobile phones for work-related tasks, it’s clear that companies now need to keep track of their data as never before.
“We’ve been monitoring this issue for a number of years and it’s undoubtedly getting worse from a security perspective. Mobile devices offer very tempting productivity gains: it’s natural for employees to want take files out of central data stores, work on them, and then move them back into the organization, but this extends and exacerbates the common vulnerabilities that are still big problems on the core collaboration infrastructure. Employees usually have too much access to file shares, SharePoint, Exchange mailboxes and public folders, and can freely download data to their workstations without any record. With the expanding memory on tablets and smartphones (16 and 32 gigabytes is fast becoming standard) – It’s easy to take more data further outside the core, where there are even fewer controls,” he said.
“In order to collaborate securely on the core infrastructure, organizations need to know which data is active, who is using it, who has access to it, and which is sensitive. This is data governance 101 material, but it’s an area that is often missed by hard-pressed IT security managers - until something goes wrong. If the core isn’t well managed and protected, collaboration with mobile devices will be even harder to control.” he added.
Gibson continued, the risk associated with the portability of data can be dramatically minimized by ensuring that access to sensitive data is limited long before it makes it onto any of today’s portable devices. Organizations have been challenged to do this in the past because many fundamental controls, like access auditing and metadata analysis have been missing, and the manual processes to limit access to data have often relied on IT personnel to make access control decisions instead of data owners. Unaudited, overly permissive access naturally allows personnel to move accessible data onto all the devices they use to complete their work/digitally collaborate.
Gibson went on to say that, whilst the prospect of seeing their company data floating about on employee’s portable devices is bad enough to give the average IT security manager a headache, the real migraines start when you realise the immense volumes of data that are produced – and added to – every single day in the typical business environment.
And this, says the Varonis director of technical marketing and strategic accounts, is where an automated data governance system really comes into its own, as these types of systems can not only audit and log the distribution – plus usage – of an enormous volume of unstructured data, they can alert key members of staff in real time when something unusual happens.
If the sales manager, for example, who is about to go on annual leave, suddenly and unexpectedly transfers the contents of the main marketing share - lock, stock and barrel - from the file server or SharePoint site to his laptop, alarm bells should start ringing, adds Gibson, who points out that, if the data is dumped from an unstructured file storage facility, it is almost impossible to know what data, exactly, has been transferred out of the control of the business.
“With today’s large mobile drives and gigabit Ethernet, major swathes of company data can be transferred in a relatively short space of time. And that data then simply walks out of the door on the member of staff’s laptop or tablet computer,” he said.
“This research, which was conducted by Dell Kace, took in the responses of 750 key IT security professionals and shows that they are worried about the rise of what some people are calling the consumerisation of IT in the workplace. The conclusions of this report should also act as a wake-up call to IT security professionals about what is happening to their organisation’s data in the modern world,” he added.