Digital Transformation

Access management for data ‘is not keeping up with changing technology’

Businesses may not be doing enough to manage access to critical data.

Modern workplaces are changing rapidly, thanks to the ‘bring your own device’ trend and even more people telecommuting rather than sitting in an office.

However, data access management may not be keeping up with this progression and consequently could be putting businesses and sensitive information at risk.

A poll of chief information officers (CIOs) was carried out across Europe and found that many current information security policies are inadequate in terms of data protection.

The research was carried out by Quest, now part of Dell, and warned that consumer devices in the workplace, geographically dispersed teams and social networks are all having an impact on the way information is shared.

Some 65 per cent of respondents said employees often share data they need in the fastest and easiest way, even if this means ignoring IT policy and putting critical information at risk.

Furthermore, 69 per cent of CIOs thought organisations need to take more responsibility for data storage and protection.

Information relating to personnel, customers and HR was most likely to be shared on social media and third party websites, so could have been regularly exposed outside businesses.

Quest recommended adopting a security procedure that gives each employee the least privilege necessary to accomplish their required tasks and also embracing an access review policy that is updated regularly.

Phil Allen, information security expert with the company, said failing to protect customer data could cost as much as £2.2 million in lost revenue and fines.

"We are seeing many organisations grapple with the consequences of ineffective information and access governance policies, including increased security breaches, decreased productivity and rising costs," he added.

Earlier this month, The Register found that the most commonly leaked password of 2012 was ‘password’, suggesting many employees are still using it despite the fact that hackers could easily bypass the security measure.