Insiders with too much access are the most likely cause of data leakage. Despite a growing number of data breaches occurring under the glare of the public spotlight, 71 percent of employees in a survey conducted by the Ponemon Institute report that they have access to data they should not see, and more than half say that this access is frequent or very frequent.
The findings of this Varonis-sponsored survey are derived from interviews conducted in October 2014 with 2,276 employees in the US, UK, France, and Germany. Respondents included 1,166 IT practitioners and 1,110 end users in organizations ranging in size from dozens to tens of thousands of employees, in a variety of industries including financial services, public sector, health & pharmaceutical, retail, industrial, and technology and software.
11. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL11
4 in 5 IT practitioners
say their organizations
don't enforce a
strict least-privilege
(or need-to-know)
data model.
14. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL14
Only 22% of employees
say their organization
can tell them what
happened to lost data,
files, or emails.
15. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL15
So about 78% of
organizations don’t
seem to be watching
very closely.
16. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL16
In a nutshell, employees have access to a lot of
data they don’t need, and no one is watching
what they’re doing – do I have that right?
18. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL18
The failure of
companies to create and
enforce a least-privilege
model – especially for
confidential or sensitive
data like credit card
numbers or health
records – will most
certainly lead to more
breaches and loss of
critical data.
19. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL19
So poor controls will lead to more breaches.
No surprise there. Is that all?
20. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL20
Not quite. In the
Ponemon study,
most end users and
IT practitioners believe
their organization would
overlook security risks
before they would
sacrifice productivity.
21. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL21
So employees must be
really productive, right?
(If security is so lax…)
23. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL23
73% of end users
believe the growth of
emails, presentations,
multimedia files and
other types of company
data has significantly
affected their ability to
find and access data.
25. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL25
60% of IT practitioners
say it is very difficult or
difficult for employees to
search and find company
data or files they or their
co-workers have created
that isn't stored on their
own computers.
26. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL26
That’s certainly counter-productive –
what about getting access to data?
27. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL27
43% of end users say
it takes weeks, months,
or longer to be granted
access to data they
request access to in
order to do their jobs.
28. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL28
Only 22% report
that access is typically
granted within minutes
or hours.
31. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL31
68% of end users
say it is difficult or
very difficult to share
appropriate data or files
with business partners
such as customers
or vendors.
33. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL33
43% of employees prefer
to use public cloud file
sync and share services
to share data, which
means it’s more popular
than any platform other
than email.
34. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL34
76% of end users
believe there are times
when it is acceptable
to transfer work
documents to their
personal devices…
38. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL38
So how important is this data we’re talking about that:
we aren’t
protecting well
and can’t really find
anymore or share easily
and storing in the
public cloud when
we feel like it
(even though
IT doesn’t think
we should?)
39. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL39
76% of end users
say their job requires
them to access and use
proprietary information
such as customer data,
employee records,
financial reports,
and confidential
business documents.
41. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL41
44% of end users
believe their organization
experienced the loss
or theft of company data
over the past two years.
42. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL42
67% of IT staff say their
organization experienced
the loss or theft of
company data over
the past two years.
43. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL43
74% believe that
insider mistakes,
negligence, or malice
are frequently or very
frequently the cause of
leakage of company data.
46. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL46
Only 22% of
employees believe
their organizations
as a whole place a
very high priority
on the protection
of company data.
47. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL47
Only 47% of
IT practitioners believe
employees in their
organizations are taking
appropriate steps to
protect company data
they have access to.
49. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL49
Ponemon Conclusion
An organization that reduces the amount of
data employees have access to (by implementing
a least-privilege access model, improving data
disposition policies or ideally both) and streamlines
their processes for granting access will likely benefit
from more productive employees.
From: Corporate Data: A Protected Asset or a Ticking Time Bomb?
50. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL50
Could you reduce risk and increase productivity?
FIND OUT.
http://info.varonis.com/assessment
52. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL52
Methodology
The survey report,
"Corporate Data: A Protected Asset or a Ticking Time Bomb?"
is derived from interviews conducted by the Ponemon Institute
in October 2014 with 2,276 employees in the United States,
United Kingdom, France, and Germany.
Respondents included 1,166 IT practitioners and 1,110 end users
in organizations ranging in size from dozens to tens of thousands
of employees, in a variety of industries including financial services,
public sector, health & pharmaceutical, retail, industrial, and
technology and software.
53. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL53
About Ponemon
Ponemon Institute
Advancing Responsible Information Management
Ponemon Institute is dedicated to independent research and education that advances responsible
information and privacy management practices within business and government. Our mission is to
conduct high quality, empirical studies on critical issues affecting the management and security of
sensitive information about people and organizations.
As a member of the Council of American Survey Research Organizations (CASRO),
we uphold strict data confidentiality, privacy and ethical research standards. We do not collect
any personally identifiable information from individuals (or company identifiable information in
our business research). Furthermore, we have strict quality standards to ensure that subjects
are not asked extraneous, irrelevant or improper questions.
54. VARONIS SYSTEMS. PROPRIETARY & CONFIDENTIAL54
About Varonis
Varonis is the leading provider of software solutions for unstructured, human-generated enterprise data.
Varonis provides an innovative software platform that allows enterprises to map, analyze, manage and
migrate their unstructured data. Varonis specializes in human-generated data, a type of unstructured data
that includes an enterprise's spreadsheets, word processing documents, presentations, audio files, video
files, emails, text messages and any other data created by employees. This data often contains an
enterprise's financial information, product plans, strategic initiatives, intellectual property and numerous
other forms of vital information. IT and business personnel deploy Varonis software for a variety of use
cases, including data governance, data security, archiving, file synchronization, enhanced mobile data
accessibility and information collaboration. As of September 30, 2014, Varonis had approximately 3,000
customers, spanning leading firms in the financial services, public, healthcare, industrial, energy & utilities,
technology, consumer and retail, education and media & entertainment sectors.
Join the Varonis conversation on Facebook, LinkedIn, Twitter, and YouTube
and subscribe to our Metadata Era blog.