Decru, Inc., the leader in storage security, today unveiled the findings of an independent survey of 100 UK IT directors in the financial, manufacturing, retail, distribution and transport markets, aimed at determining the percentage of IT staff able to read confidential data. The study, commissioned by Decru and carried out by research consultancy Vanson Bourne in April, uncovered an unsettling picture where the most startling finding is that in a quarter of the companies surveyed, 50% of the IT staff has access to read sensitive company information. Not surprisingly, the higher the number of employees, the higher the figure. The retail, distribution and transport industries seem to be the least prepared in terms of stored data security, with nearly a third of respondents saying more than half of the IT staff can read confidential data simply because they have the access rights necessary to manage it.
The true and staggering meaning of these figures emerges when translated into numbers; since the polled companies each employ between 1,000 and 3,000+ staff and typically can have up to 50 and 70 people in the IT department respectively, the findings reveal how up to 2,240 people have access to confidential data across the polled organisations.
In all industries, IT staff, contractors and suppliers have access to an organisation's sensitive data. By sector, the percentage of respondents saying that approximately half of their IT staff could use their right to access confidential information ranges from nearly one in three (31%) in manufacturing to approximately a quarter (24%) for the financial services sector. These are highly risky figures when stored data is unprotected from malicious attacks (begrudged employee, competitor), human error (publishing data online) or breach of confidentiality (separate departments accessing each other's data) among others.
'The vast majority of enterprise investment in information security has focused on perimeter security and anti-virus, neither of which provide substantial protection against internal threats,' said Joanna Shields, VP of EMEA at Decru. 'Enterprises are starting to realise that their internal IT systems are vulnerable. In the case of storage systems, a single breach can expose terabytes of sensitive customer or corporate data, and the contents of these systems are typically accessible by IT staff, vendors, and consultants. Accordingly, enterprises are increasingly looking for solutions to secure their critical data using encryption, access controls, and authentication, allowing administrators to manage data without being able to read it."