Two-thirds of enterprises are failing to meet best practice standards for data control, an IDC study has revealed.
Keeping enterprise data both safe and accessible is a complex balancing act made all the more difficult by the geometric growth rate of production data, which is difficult to keep track of, let alone protect.
Each added physical copy increases the surface area of attack for this data, creating additional opportunities for the wrong people to get access. The problem still persists throughout the vast majority of enterprises, despite well-publicised high-profile security breaches or data leaks.
In IDC’s survey of senior executives at 429 mid-to-large scale enterprises, two-thirds of respondents were failing to meet best practice standards for data control, and few were likely to be consistent across the full spectrum of data security policies.
>See also: Beware the perils of hidden data
More than three quarters (77%) of those surveyed also failed to mask sensitive data during the test-development phase, which significantly increases the threat of a data breach. Government was the best-performing sector at implementing data control policies, while education was the weakest.
Meanwhile, it was found that a typical organisation holds 375 data copies, with each copy carrying sensitive information and therefore an increased risk of attack. And the CIO was cited as central to the implementation of data control and security policies, which were only found to be applied on an ad-hoc basis 34% of the time.
The enterprise copy data access problem is simply too large and broad for IT organisations to handle manually. By 2018, IDC estimates copy data will be cost IT organisations $50.63 billion and currently consumes up to 60% of the IT storage hardware and infrastructure budget.
“Our research clearly identified two major challenges faced by IT executives: the copy data proliferation problem and the copy data access problem,” said Phil Goodwin, research director at IDC. “Copy data is costly, and introduces risk when it needs to be accessed. Organisations need solutions that can automate copy data management and subsequently reduce risk and cost in the enterprise and public sector environments – manual efforts are simply insufficient.”
Ash Ashutosh, CEO of Actifio, which commissioned the study, added, “The truth is most companies have no idea how many copies of a given data set are floating around in their infrastructure or in the cloud. If you don’t know how many copies you have, you don’t know where they are – and if you don’t know where they are, you can’t tell who has access to them.”