Businesses need to do much more to make sure their security keeps pace with the growing complexity of their data, according to IDC.
Organisations' security must reflect the increasingly collaborative nature of business, and the dangers that result from it, the analsyt firm said.
Speaking yesterday at the IDC security conference in London, Eric Domage, research director at the analyst house, told an audience of security managers: “Connectivity used to be the business enabler, but now collaboration on a vast scale is the big thing.
“Your businesses are collaborating internally between departments around the world, and externally with all sorts of partners, customers, regulators and stakeholders. Your information is everywhere and your security needs to match up.”
Businesses must have a mixture of the right processes, governance and technology, Domage said.
“Your approach must be focused on the network, the users and the data in question,” he added. “You have to know your level of trust of users and other people your business collaborates with.”
He said that a complete security stack was needed, right from traditional perimeter security, anti-virus and data encryption, to more advanced data loss prevention (DLP) strategies which fully monitor the storage and movement of information.
But many businesses failed to recognise the importance of DLP. “Most organisations are still going after events instead of preventing them,” he said. “Proper data loss prevention involves discovery of your data assets; classification, qualification and tagging of data; monitoring of data; enforcement of policy; and reporting transparently what happens to your data.”
Implementing a DLP strategy was particularly vital when over half of organisations have less than 10 percent of their endpoints protected, according to IDC research. Around 51 percent of businesses plan to implement DLP in the next one to three years, Domage noted.
Other IDC research showed over seven in 10 businesses had experienced a laptop theft, but over 38 percent of these were unable to qualify the level of risk this posed to their corporate data.
Tom Raschke, security product manager at vendor Verizon, agreed that with businesses holding complex of data in multiple locations, “people need to keep their eyes on the data at stake, not just the network”.
“It’s the data, after all, that the hackers are after,” he said.
Verizon's annual data breach report, published in April, showed that 87 percent of attacks were avoidable through “simple security controls”. Some 74 percent of attacks came from external sources, the report found.