I always find it interesting that organizations seem to take such a reactionary approach to data security. It seems that most companies fail to invest in deep data security until they’ve experienced enough serious breaches to shake them into doing something. I haven’t been able to figure out if it is an awareness issue or just denial. Not surprisingly, the technology and process investment needed to truly secure data is much lower than the cost of dealing with a breach.
The truth is that data security is a serious problem for everyone. A 2009 Ponemon Institute study found that 82% of organizations had experienced a data breach, and 94% had experienced data attacks in the past six months. I find this to be a startling number… Similar studies have found that the cost of a data breach is now over $200 per record, and since most of these breaches include anywhere from 5,000 records to 100,000, the impact can be extremely high. And yet, most companies rely on standard firewall defenses and database authorization as their sole means of protection.
Another interesting observation is that when people finally do start to invest in deeper data security, they seem to snap into a better awareness and invest quickly to do a better job of protecting a much broader set of data, even though their initiatives may just start with a smaller subset. I think what happens is that in the process of focusing on data security, they realize just how exposed they really are, and they also realize that there is something they can do about it that really isn’t that difficult.
For example, with our InfoSphere Guardium technology, we tend to see companies invest much more heavily in the technology after their initial implementation success – often as much as 5-10x within six months of their first purchase as they expand the scope of their security controls. I think part of this is due to how quickly they are able to roll the technology out. For example, a European telco company rolled out InfoSphere Guardium to 12 data centers within 2 weeks earlier this year. It shows that once people begin to dig into their actual exposure, and see how easy it is to fix, they suddenly become more proactive.
The question is – are you prepared?