The New Normal: Greatest Threats of Data Privacy and Security Come from Within

Post Date: 02/25/2014
Virtually everyone has seen a bevy of news articles shedding light on various major data privacy and security breaches that were malicious in nature – Edward Snowden and the National Security Agency being the poster children for these types of breaches. While these incidents are tremendously damaging – the ramifications of which haven’t been fully realized – they shine a light on what is much more prevalent, but can be just as damaging: Insiders continue to cause more data breaches, on average, than anyone else.

Many of these are accidental in nature, as well, according to a study released late last year by Forrester Research. In the Forrester study, the inadvertent misuse of data from insiders tops the list of breach causes, responsible for 36 percent of breaches in 2013. According to CyberFactors’ count of reported cyberincidents in 2013, this number rises to almost 50 percent of incidents. That’s a scary thought: half of all breaches are an accident.

Just one misplaced piece of sensitive data could cost an organization millions. A Ponemon report found that the average cost of a breached record – be it a user ID, document, social security number, email, record, or email address – is $188. Seems like a small price to pay, but think about the amount of data you have and utilize on a daily basis – it adds up quickly. Ponemon found that an average breach event can cost a typical organization $5.4 million. That’s a very expensive mistake.

There is a vast dichotomy between business realities and privacy needs today. Everyone is a content contributor, being pushed to collaborate more, produce faster, and innovate in order to drive business initiatives. At the same time, only 42 percent of those surveyed by Forrester have received training on how to stay secure at work, and 57 percent report being aware of current security policies.
Today, only 56 percent of information workers are even aware of or understand policies in place specific to data use and handling inside their companies. With these harrowing numbers, it’s no surprise that roughly half of organizations surveyed by Forrester consider defining their data (be it data discovery and/or data classification) a high or critical priority – 48 percent and 56 percent, respectively. This marks a tremendous increase over 2012, where Forrester found only 20 percent thought data discovery was a high or critical priority.

This is a tremendous opportunity for Security and Privacy to help enable the rest of the organization to collaborate, contribute, and innovate in ways that are safe not only for the organization but also for the customers, partners, and external vendors who provide organizations with oftentimes sensitive information.

AvePoint recognizes this need across its current customer base exceeding 13,000 organizations worldwide, and offers Compliance Guardian to ensure that information is available to those who should have access to it, but protected from those who shouldn’t.

Best practices for security have focused on “building walls” to “keep people out” and “keep information in.” However, the challenge with this approach is that as you build a ten-foot wall, your opponent brings an eleven-foot ladder. Thus you are always in a defensive mode, looking to outwit an enemy.

We’re proud to announce that Compliance Guardian Service Pack (SP) 2 is generally available today, with new features including support for cloud and social platforms, improved incident tracking and management, as well as encryption and redaction.

While perimeter-based security is important, it is only one strategy in an approach that must be layered. Organizations must also look at information as it is managed throughout their information gateways.
At rest or in motion, data flows through file shares, Web sites, Web applications, SharePoint sites, communication systems (email and Lync), and social systems. By thinking holistically about managing compliance and maintaining visibility, data classification, and control as information moves about the organization, the walls become less and less penetrable.

Compliance Guardian is the technological enabler to ensure that we trust our information workers to do their jobs correctly, but verify that they are doing so. With capabilities across SharePoint, file systems, websites, cloud, and social platforms, it’s a truly enterprise-grade product that caters to the reality of today’s information workplace.

Compliance Guardian enables you to create a data privacy and security playbook that is automated and targeted. Simply put, Compliance Guardian provides a full governance, risk, and compliance platform across these information gateways that will allow organizations to “Say what they are going to do (to achieve compliance)”, “Do it” and “Prove it” – internally, for your auditors, regulators, or as part of your compliance best practices.

Compliance Guardian allows you to define your privacy and data policies by understanding where sensitive data lives within your IT systems and determining which systems may (and may not) contain that type of sensitive data. Knowing is half the battle. With Compliance Guardian’s Advanced Risk Calculator, understand quickly just how exposed your organization is to risk and how much it can cost you.
  • Gain comprehensive insight into risk-defined content: Automatically assess and report on increased risk at a level proportional to the risk type.
  • Understand and rate the impact: Rate the risk and likelihood of being impacted as well as the real impact of one risk weighed against others.
  • Accurately and systematically determine the exposure of the risk item: Quickly surface risk and determine its severity for your organization.
  • Determine strengths and weaknesses of your IT systems: Define risk models specific to your organization and relevant risk/compliance requirements, and determine strengths, weaknesses, and when to take action.
  • Automate the process of risk assessment: Easily complete the cycle of risk identification and assessment – including discovery, analysis, prioritization, and taking action.
Compliance Guardian allows you to take action, which is important. It is one thing – and a very important one at that – to understand just how much risk you have in your organization today. Knowing you could be on the hook for millions of dollars in fines is important to understand at every level of the organization. But how do you take action? How do you mitigate this? This is where Compliance Guardian provides a comprehensive risk management solution.
  • Discover data across multiple information gateways in your enterprise to shed light on dark data and other potential sources of risk
  • Scan content in motion or at rest against out-of-the-box or customized checks for a wide range of privacy, information assurance, operational security, sensitive security information, and accessibility requirements
  • Drive enterprise classification and taxonomy with user-assisted and automated classification
  • Take corrective action automatically to secure, delete, move, quarantine, encrypt, or redact risk-defined content
  • Enhance incident tracking and management with an integrated incident management system in addition to trend reports and historical analysis to measure your organization’s compliance improvements over time
  • Monitor data and systems on an ongoing basis to demonstrate and report on conformance across your enterprise-wide information gateways and systems with one system that works where you work
Compliance Guardian empowers you to resolve, report and improve on incident tracking and incident management across your organization. The ability not only to conduct a detailed forensic analysis into data privacy, information security and accessibility issues across your organization, but also to assign and expect accountability for incident resolution is a key factor in improving compliance over time. Compliance Guardian’s trend reports and historical analysis also allow you to measure and report on your organization’s compliance improvements over time.

As a full governance, risk, and compliance platform, Compliance Guardian mitigates privacy, security and compliance risks across your information gateways with a comprehensive risk management process. Compliance Guardian allows organizations to document their policies, implement and measure them, and demonstrate conformance.

In an age where information is precious and every information worker is responsible for protecting it, it’s important to create a culture of compliance where you make it easier for your end users to do the right thing than the wrong thing. Just like a castle is designed with multiple lines of defense, Compliance Guardian provides a multi-layered approach to information access and data protection, providing the constant enforcement of data privacy policies to ensure that information being utilized is compliant, accessible, and manageable.

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School.
