Thursday, February 5, 2009

Breaches - up, up and away!

The news around breaches seem exactly like that of the current economy - gloom and doom all around. The latest in the fusillade is the analysis from Jon Oltsik from ESG. Looks like the number of breaches every year have been increasing - and this year it seems worse. Seems like with all the stuff hapenning (Heartland, the VA settling, the recent Ponemon report, the McAfee trillion dollar news), this new research is on expected territory.

However, one interesting nugget from Jon - 61% of small organizartions had a breach in the last 12 months while 49% of large ones succumbed in the same timeframe. One would have expected the difference to be much higher. Larger organizations have the resources and the security technologies in place to prevent such breaches - much more than do smaller organizations. Could be many reasons for the smallish gap - large companies are bigger targets, have more employees, have stringent disclosure requirements,have more data, etc. All valid reasons...

While this might be true, my hypothesis is that current security measures are also not working in large organizations. Breaches do not just happen in one areas (say laptops), but wherever data goes. And multiple, device-centric approaches to data protection do not mitigate breaches as much as folks would like to think.

One needs a better and more logical approach to data-protection. I firmly believe the information-centric approach is the way to go - protect data once, keep it protected wherever it goes - on any device and for any application.

No comments: