Firms failing on data sharing

Firms are acting to secure sensitive data, but third party risks remain

Written by Phil Muncaster

IT Week, 14 Nov 2006

Advertisement

Over half of organisations are failing to manage the risks of sharing data with third parties, although many are now investing in securing the capture and storage of sensitive data, according to a new global survey by consultancy Ernst & Young.

The firm's Global Information Security survey of 1,200 public- and private-sector organisations in nearly 50 countries found that more than three-quarters cited privacy and data protection as a significant issue, with 52 percent addressing privacy and data protection with formal procedures.

"It's been an issue for years but it has been done in an ad-hoc way through point solutions," explained the firm's UK head of Technology and Security Risk Services, Richard Brown. "What's caused that is a combination of consumers being more savvy in that area, and organisations getting on top of segregation of duties and securing data."

He added that although many firms are now taking "a good solid risk management approach" to data security, it is becomingly increasingly important to have disaster-recovery processes underpinning that. But only half of respondents said they actually tested their plans while only 46 percent said they have communication strategies in place.

Another major finding of the survey was the lack of formal agreements with third-party suppliers for secure data-sharing in just over half of firms. Brown argued that this is because contracts are often set up without the input of the CIO, who should enforce compliance with corporate standards over data security.

Donald Massaro, chief executive of secure messaging specialist Sendmail, agreed that firms are now taking data security a lot more seriously, driven by compliance to new legislation and high-profile data breaches.

"It has reached a tipping point in the States and the Californian [data breach notification] law has put some teeth on it," he explained. "Also, losing intellectual property is a violation of Sarbanes Oxley; it's all high visibility stuff that has the attention of [C-level executives] and it's moving over into Europe."

Tags:

Further reading

Related articles

Related whitepapers

Related jobs

Do you agree?

Have your say on this article

IT white papers

Search vnunet IThound

Top categories

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Watch

A stressed CIO

28 Aug 2008

9.73 MBComputing podcast 28 August 2008 More...

Virgin Train

22 Aug 2008

8.71 MBComputing podcast 21 August 2008 More...

School children using PCs

14 Aug 2008

9.23 MBComputing podcast 14 August 2008 More...

Listen to more

Poll

GARY MCKINNON EXTRADITION

GARY MCKINNON EXTRADITION

Should Gary McKinnon be extradited to the US for hacking into military computers?

Previous poll results

Spotlight

Hacker

Hacker runs up $12,000 Federal phone bill

Five year-old flaw exploited to place 400 long-distance calls   More...

Steve Wozniak

IDF: Woz on Woz

Apple II co-founder muses on life, love and the meaning...  More...

Prince

Fair use comes first in web video

Dancing baby sets legal landmark   More...

Justin Rattner

IDF: Intel predicts artificial intelligence in 40 years

Computers smarter than humans by 2048   More...

Primary Navigation