May 10, 2011

41% carry unprotected sensitive information on mobile devices

41 percent of what should be a security-savvy audience are carrying sensitive information on mobile devices unprotected, according to Origin Storage.


In fact, 19 percent revealed that their organization had suffered a data breach following the loss of a portable device (i.e. laptop, USB, CD) with 54 percent confessing the device had not been encrypted – an offense under the Data Protection Act and subject to regulatory action by the ICO, were it made aware.

With 70 percent of organizations making data encryption mandatory, 11 percent of those respondents carrying sensitive information unprotected are actually breaching their organization’s data protection efforts, while the other 30 percent are simply following their organization’s woefully inadequate example.

Digging a little deeper, the study, amongst IT security professionals at Infosecurity Europe, found that 37 percent of respondents confessed that between 81 and 100 percent of all sensitive data stored on their device(s) was actually left unprotected – so not just one or two documents transferred in a hurry.

Andy Cordial, Origin’s managing director, explains, “When you consider the level of knowledge this audience is assumed to have, working in IT and having some form of security remit, yet the lax protection used for sensitive data, it’s hardly surprising data breaches are increasing in frequency and especially recently in size. I’m astounded that 30 percent of organisations are still oblivious to the Data Protection Act and the recommendation from the Information Commissioner that encryption be used to protect sensitive information.”

The problem of sensitive data isn’t restricted to any particular device: 67 percent use laptops, 52 percent use USBs, 33 percent still rely on CDs and 52 percent use another form of portable storage device.

A final startling revelation is that just 36 percent of visitors felt that FIPS certification is ‘a must’ for encryption technology.

Andy concludes, “The ICO recommends any solution should meet FIPS 140-2 yet 31 percent of our sample flippantly state that it ‘doesn’t matter’. Certification is the only ‘proof’ that the product actually does what the company ‘claim’ it does. It’s not just me saying this because our products have the certification as there have been incidences where products have fundamental design problems, or even companies that have made false claims. My advice – don’t leave security to chance. Lock it down with something that’s actually proven to work or there is a strong possibility you’ll be crying over spilled data.”
