Survey: Security policies neglect off-network devices

Survey: Security policies neglect off-network devices according to a recent survey

A majority of companies put confidential data at risk every day when equipment such as servers, desktops, laptops and portable storage devices leave the confines of their network, according to a recent survey of 735 IT security practitioners.

The survey, conducted by Ponemon Institute and commissioned by Redemtech, an IT asset management and recovery services vendor, shows that the vast majority of data breaches reported today involve unprotected information on devices that go off the network at one time or another for relocation, repair or disposal. The findings, Ponemon says, should compel IT security managers to ramp up their off-network security policies and practices to the same level of their security practices for devices on the network.

"Organizations have experienced the theft or loss of confidential data when it has been off-network. The practices and procedures of protecting data off-network is, therefore, as much an issue as protecting data when it is on-network," the Ponemon report "The Insecurity of Off-Network Security" reads. "Both on- and off-network security should be important for all organizations."

The survey found that close to three-fourths of corporations experienced the loss or theft of a "data-bearing asset" in the past 24 months. Of those, 42 percent involved the loss of sensitive or confidential data. For 68 percent, those devices were laptop computers; for another 67 percent data breaches occurred on PDAs; and for about 60 percent confidential information was compromised when USB flash drives were lost or stolen. Even larger devices such as servers and desktops were cited by 39 percent and 29 percent, respectively, of survey respondents as the cause of data loss in the past two years. Other off-network devices involved in a data breach included backup media for 29 percent of those polled, zip drives and copying machines for 13 percent each, external storage devices for 11 percent, routes for 9 percent, and printers and fax machines for 4 percent of survey respondents.

Yet despite the many reported losses on off-network equipment, more than 60 percent of survey respondents said that their organizations place more importance on on-network security issues. Sixty-two percent of survey respondents said their organizations have data-risk problems, which Ponemon described as "an abundance of unprotected sensitive or confidential information residing on off-network data-bearing assets." And another 62 percent of survey respondents reported that they "believe that off-network controls are not rigorously managed."

"Our research shows that, while more companies recognize the risk off-network data poses, few seems to have a grasp on how to manage the many challenges off-network data presents to maintaining a strong data security program, and many do not even have a policy to address the situation," said Larry Ponemon, found and chairman of the Ponemon Institute, in a press release. Ponemon and Robert Houghton, president of Redemtech, are scheduled to discuss the study findings at Harvard University's Privacy Symposium Wednesday.

The frequency of loss data from laptops and other devices is in part due to a lack of policies dictating how to treat critical data on devices that could leave the network, the study says. About 60 percent of survey respondents said they lack the resources to implement proper policies and put controls on off-network devices. About 40 percent of survey respondents said between 5 percent and 10 percent of their IT security budget is earmarked for off-network security activities, and 34 percent said they can use between 1 percent and 5 percent on such activities.

"The proof of senior managements' commitment to off-network security activities is budget allocation. 89 percent of respondents report that off-network security activities represent no more than 10 percent of earmarked IT security spending," the report reads. "If off-network security threats represent about half of all data breaches, a 10 percent or less budget allocation suggests inadequate focus, attention or commitment."

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Denise Dubie

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?