Notice: quest.com will be retired soon. Please visit our new site at software.dell.com

Corporate data loss can cost organisations €2.7 million in revenue and fines, according to Quest Software survey

Quest offers best practices on identity and access management to prevent exposure of business-critical data due to poor employee information-sharing habits



MAIDENHEAD, UK, December 12, 2012 - Quest Software, Inc.

 

Use of consumer devices in the workplace, geographically dispersed teams, and the prevalence of social networks all are having a dramatic impact on the way people share corporate information, which is raising serious concerns around data security. Quest Software, now a part of Dell, recently commissioned Vanson Bourne to survey CIOs in the UK, France and Germany, and found that current information security policies are failing to protect business-critical information, as identity and access management processes have not been updated to meet changing employee needs, leaving businesses exposed to risk.

In addition, the research found that 65% of European CIOs believe that employees share corporate data in the fastest and easiest way, regularly bypassing IT policy, and feeling little accountability for protecting critical company information. 69% also agree that organisations and employees should take greater responsibility for how corporate data is shared, stored and managed. Due to the significant security, financial and reputational risks of losing information, identity and access management is a priority for more than three quarters of European organisations in 2013 (76%). Quest offers best practice advice to address the following security issues:

  • Increased security breaches

European CIOs say that personnel (42%), customer (33%) and HR information (31%) are some of the most shared data on social networks and third party websites. In the past 12 – 18 months, HR (30%), customer (25%), and financial information (23%) has been exposed outside of the business, due to ineffective identity and access management. For organisations that have experienced these data breaches, 33% agreed that the company had lost customer trust, and 32% believed their corporate reputation had been damaged.

  • Decreased productivity

98% of CIOs also agreed that poor identity and access management makes employees use third party sites as ‘work-arounds’ when storing and sharing information, which can inhibit collaboration and productivity. 31% of CIOs said that over the past 12-18 months, employees have been stuck for prolonged periods of time without access to information they need to do their jobs.

  • Securing systems

62% of CIOs have faced increasing pressure over the past 12 months to protect company data due to the increasing news stories around how organisations are losing corporate data. Organisations are experiencing the most pressure from internal legal teams (41%), CEOs (40%), and Regulators (33%).


Best practice

Solutions such as Quest One Identity Solutions offer a complete set of capabilities, providing comprehensive controls in a flexible, modular architecture suited to address a full range of security concerns, and avoid the risks posed by poor identity and access management practices. CIOs can get more peace of mind by following these best practice guidelines.

  • Focus on Education - For the majority of today’s information security threats, prevention and mitigation lie in education, diligence, and processes – supported by technology where appropriate – that enforce strong passwords (which are changed regularly).
  • Adopt a “least privilege” security posture - Give each employee the least privilege necessary to accomplish required tasks and ensure that unnecessary access rights are revoked whenever an employee changes roles.
  • Embrace an access review policy - Provide regular, automated access alerts that notify two or more administrators of access changes, employee changes or other critical issues.
  • Achieve compliance - Implement access control and separation of duties practices and technologies, and develop, implement and enforce secure policy on all system access.

For more information on Quest One, please visit - http://www.quest.com/identity-management.


Quotes:

Phil Allen, information security expert (EMEA), Quest Software
We are seeing many organisations grapple with the consequences of ineffective information and access governance policies, including increased security breaches, decreased productivity and rising costs. European CIOs estimate that failure to protect customer data can cost 2.7 million in revenue loss and fines; however, the impact on corporate reputation is more damaging. Security systems have not been implemented with tech-savvy employees in mind. People therefore resort to the easiest way of sharing corporate data, and many do so without thinking about the consequences. This begs the question: Will employees eventually be contractually held accountable for corporate data breaches?”

“As the guardians of information, CIOs need to rethink how they deliver IT services and tools to employees, in order to offer a better service which meets both the end-user and business requirements, whilst not introducing unnecessary risk. IT leaders also need to better educate employees about the risks of sharing corporate data on vulnerable channel.”


Martin Kuppinger, Founder and Principal Analyst, KuppingerCole
“Identity and Access Management/Governance is going to be one of the fastest-growing areas over the next few years, as CIOs look to ensure they are compliant and not taking unnecessary security risks when opening up the organisation’s infrastructure for Cloud and Mobile computing. The business demand for onboarding of business partners is another push for implementing an agile IAM/IAG infrastructure. Such an infrastructure ensures readiness when auditors begin to clamp down hard on organisations that don’t take full measures to protect corporate data. The result of not having IAM/IAG in place as a cornerstone of Information Stewardship can be extremely damaging, regardless of how large or small the incident.” 

 

Supporting Resources:

About the research:

Quest Software, now a part of Dell, commissioned independent research agency Vanson Bourne to survey 175 CIOs and IT decision-makers in the UK, France and Germany, (525 in total) during September 2012. The survey targeted IT decision-makers at organisations with over 500 employees.

About Quest Software (now a part of Dell)

Dell Inc. (NASDAQ: DELL) listens to customers and delivers innovative technology and services that give them the power to do more. Quest, now a part of Dell’s Software Group, provides simple and innovative IT management solutions that enable more than 100,000 global customers to save time and money across physical and virtual environments. Quest products solve complex IT challenges ranging from database management, data protection, identity and access management, monitoring, user workspace management to Windows management. For more information, visit http://www.quest.com or http://www.dell.com.

About Dell Software

Dell Software helps customers of every size take advantage of new technologies and address organizational challenges to grow their businesses and remain competitive. For more than a decade, Dell has been making strategic software acquisitions and partnering in the industry to support and enable the hardware and services solutions it provides to customers. In 2012, Dell formed a dedicated software division to extend its capabilities in software IP and total solutions offerings. Dell security, systems management, business intelligence and application software draw on the strength of Dell’s distribution capabilities and reputation to help clients in every industry achieve better business outcomes.

RSS Feeds:

Technorati Tags:

 

 

###

 

 

Contact Information

Media Contact:

Nissha Morris

Dell Software/Quest

949.754.8714

 

nisha_morris@dell.com 

 

 

Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.

 

Quest, Quest Software, Foglight, and the Quest logo are trademarks or registered trademarks of Quest Software in the United States and certain other countries.  All other names mentioned herein may be trademarks of their respective owners.