Too Many Users Have Access to Confidential Data
SANTA CLARA, CA - February 13, 2006
- According to separate new studies by Enterprise Strategy Group and Data Security Company Thales Inc., insiders such as employees, contractors and outsourcing partners pose the most serious threat to sensitive data.
Insider data breaches seemingly happen every week. For example, just last week, February 7, 2006, Honeywell reported that a former employee disclosed sensitive information relating to 19,000 of the company's U.S. employees. In court filings, Honeywell claimed that the former employee intentionally exceeded authorized access to a Honeywell computer, but the integrity of Honeywell's computer systems was not compromised. Just the week prior, Feb 1, 2006, in an apparent attempt to recycle discarded internal reports, The Boston Globe and Worcester Telegram & Gazette printed and compromised the credit card and bank number information belonging to more than 240,000 subscribers.
According to a new study by the Enterprise Strategy Group, more than two-thirds of the 227 survey respondents said that their confidential data was most vulnerable to insider attacks -- with the highest vulnerabilities from employees, contractors & outsourcing partners.
"The need to protect confidential data cuts across companies large and small, within every industry," said Jon Oltsik, Senior Analyst, Information Security. "The results of our research data shed new light on the need for all organizations to protect against the insider threat, and the importance of including contractors and third-party affiliates as insiders in today's global marketplace."
The ESG Research Report, "Protecting Confidential Data: An ESG Research analysis of end-user security, privacy, and technology challenges," will be available in February, 2006.
In line with ESG's findings, Data Security Company Thales Inc. surveyed 436 enterprise users at the Gartner ITxpo exposition in Orlando, Florida last quarter.
Thales found:
- Almost 60% of the data breaches were from Internal attacks
- Almost 90% have to protect valuable data from their own internal users
- 81% of respondents said they need to protect stored data (a.k.a. data at rest) that resides in multiple forms, geographies and disparate IT devices.
- More than 80% have data that requires protection and is stored in multiple forms
- In terms of drivers for data protection: 40% said keeping my organization out of the press, 41% said keeping auditors happy, 37% said adhering to corporate governance & state laws, 12% keeping my boss happy
"Most of our customers tell us that they need to protect sensitive data from insiders, including system administrators," said Tom Grubb, Thales Vice President, Marketing. "Thales CoreGuard is the only data protection system available today that enables organizations to control unauthorized access to data by anyone -- even root users -- without disrupting their ability to manage the data."
Public data breaches are driving higher expectations on the part of customers to demand more from companies they entrust with their non-public information such as credit card information. The studies underscore the need for companies entrusted with customer data that they must take steps to prevent against insider data theft. Thales helps companies protect their sensitive data and adhere to compliance regulations like PCI-DSS, GLBA & Sarbanes-Oxley (SOX). Thales has been steadily gaining awareness and market share resulting in quarterly doubling of billings throughout the end of 2005.
About Enterprise Strategy Group (ESG)
Enterprise Strategy Group (ESG) is a leading industry analyst firm that provides strategic guidance and unmatched service to technology vendors, IT professionals, venture capitalists, and institutional investors. The Enterprise Strategy Group evolved from the Enterprise Storage Group, and now offers products and services focused on application infrastructure and information security while it continues to set the tone for storage and information management. Enterprise Strategy Group sets itself apart from legacy analyst firms and boutiques by continuing to build its excellent reputation of assisting clients to make strategic business and IT decisions.
About Thales eSecurity
Thales is the leader in data security management and enforcement solutions. Vormetric Data Security provides a centrally managed, high performance, easy-toimplement, distributed solution that solves the pressing compliance, security and risk management challenges facing today’s enterprises and government agencies. Thales application- and database-transparent solution outperforms other offerings to provide stronger and broader data security at a fraction of the management and implementation cost.
Thales more than 230 customers represent the world’s most trusted brands in financial services, retail, manufacturing, healthcare, media, energy and telecom industries as well as highly security conscious government agencies.
Thales technology has received strong market validation for its innovative approach to data security, including:
- Selection by IBM as the core database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows
- Computerworld Technology Innovation Award
- Selection by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option
- Partnership with Oracle to secure the execution environment for Oracle® Database Vault
- Five patents issued and nine patents pending
Thales is a trademark of Thales eSecurity, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.