Corporate information stored on file servers and network attached storage (NAS) devices represents a major security risk because many organisations’ IT governance policies and access rules are incapable of dealing with a massive growth of unstructured data,
That is the stark warning of a new report from the Ponemon Institute. It surveyed 870 IT professionals and found that only 23% believe unstructured data stored by their companies is properly secured and protected.
A wide majority - 84% -- of respondents said that too many workers at their companies can access critical corporate unstructured data. About 76% said their companies have no process in place to control which employees can access specific unstructured data. Such unchecked access could expose internal security gaps and increase the potential for misuse of data, the study notes.
Varonis Systems, a maker of data governance software, funded the survey.
Larry Ponemon, chairman of the research firm, noted that IT managers say that it's difficult to find automated access control processes that can determine the importance of information the moment it's created.
Some 61% of respondents said they cannot keep track of which users access specific unstructured data, and 91% said their organisations lack the ability to determine data ownership because of faulty governance policies and a lack of available storage tools that can remedy the problem.
While IT managers continue to spend significant sums of money on storage technology to hold rapidly increasing amounts of structured data, many admit that the complexity of unstructured data creates a security challenge, said Ponemon.
"What we find is not that they won't spend money on it, but they really don't know how to [resolve the issue] because of the complexity; it's a knowledge issue," said Ponemon.
The respondents said that without adequate controls for unstructured data, the most significant potential problems are insider negligence and deliberate misuse or theft of information from within an organisation.
For the study, Ponemon defined unstructured data as electronic information residing on file servers and NAS devices that is not stored in a database or in a document/content management system. He said it can include: e-mail, instant messages, Microsoft Word documents; PowerPoint files; electronic spreadsheets; and source code.