Report: Plugging Data Leaks Is High PriorityBy Lisa Vaas | Posted 2007-03-05 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A new survey finds that 90 percent of companies plan to implement new technology to secure electronic copies of intellectual property in the coming year.
In the wake of incidents such as TJX's potentially massive loss of data to theft, reported in January, it shouldn't come as a surprise to find that 90 percent of companies plan to plug in new technology to secure electronic copies of intellectual property in the coming year.
That was one finding of a report from Enterprise Strategy Group, issued on March 5, entitled "Intellectual Property Rules." ESG surveyed 112 organizations, each with more than 1,000 employees, for the report.
One of the findings that surprised ESG was how big the IP problem is, according to Eric Ogren, a security analyst for ESG.
Protecting PII (personally identifiable information) such as the credit card numbers, Social Security numbers and other pieces of user and customer data are actually not the top priority with most organizations, Ogren said. "We asked upfront, what do you consider to be intellectual property?" he said. "What they want to protect is financial information, contracts and agreements. Only after that is PII."
Other IP that companies are looking to protect include, in order of reported priority, source code, competitive intelligence, internal research data, design specifications, customers' PII, trade secrets, CRM (customer relationship management) databases, patent documents and sponsored research data.
What's tough about protecting such data is that it comes in so many different forms. Much of it doesn't fit into a neat fixed-format, as would Social Security numbers or credit card numbers, for example. Instead, it comes from all over the network. Specifically, ESG's report shows that in the surveyed population, 21 percent of IP resides in corporate e-mail; 17 percent lives in corporate portals or intranets; 34 percent is stored in application databases such as SAP, Oracle or SQL Server; and 28 percent is kept in file systems, including spreadsheets, Word documents and the like.
"If you think e-mail is your only issue, you're only solving 20 percent of [the] problem," Ogren said.