The need to protect confidential data cuts across companies large and small, within every industry. The results of our research data shed new light on the need for all organizations to protect against the insider threat, and the importance of including contractors and third-party affiliates as insiders in today's global marketplace.
Mission-critical data that goes missing could result in legal liabilities and regulatory compliance violations -- an intolerable situation. One would expect that security-conscious organizations would include tape encryption as a standard security defense. Unfortunately, this hypothesis simply isn't true. In a survey of 388 storage professionals, ESG found that only 7 percent of users reported that they always encrypt their backup data while 60 percent said that they never do. There will likely be many more instances of lost tapes, which may lead to embarrassing public disclosures and expensive notification efforts.
This research process resulted in some eye-opening and somewhat troubling conclusions. Large organizations identified security holes across a number of areas. Security processes are fair at best, and most users have not been trained on security policies and risks. I view the data from this report as a cry for help - clearly something must be done soon.
This is a relatively new technology space and people tend to deal with security in a tactical fashion. People are transitioning to take a bigger look at security. There's pretty convincing evidence that shows that a tactical approach to security doesn't work. There are more threats. There are more attack vectors. The attacks are getting nastier.