Improperly Secured Data is a Serious Threat to CIOs and CTOs

This retention of data is causing problems for CIOs and CTOs. Ovum’s “Content is the New Perimeter” report shares the consequences of inadequate security.

8 November 2014


Data are piling up in the enterprise. Companies are retaining lots and lots of records, sometimes for regulatory reasons, sometimes to mine the data. Sometimes the information and content are kept simply because there isn’t an enforced policy in place to dictate what should stay — and what should go.

This retention of data is causing problems for chief information officers and chief technology officers, as a recent Ovum report notes. The research note, “Content is the New Perimeter,” discusses the consequences of inadequately protecting this ever-expanding mountain of content and data.

Data Leaks Cause Money Leaks

The report cites the high-profile case of Edward Snowden, the one-time National Security Agency contractor who shared thousands of classified documents with the media. Naturally, if those documents had been protected — with, say, Information Rights Management (IRM) — Snowden’s illicit content sharing could have been thwarted.

Snowden is just one example. Ovum notes there have been multiple instances in the United States and United Kingdom of content (improperly secured) causing legal non-compliance and fines. Some recent examples:

  • In 2013, someone stole a portable hard drive containing customer data from U.K. moneylender Jala Transport. The company was fined about $7,500.
  • Also in 2013, a U.K. Ministry of Justice-run prison lost a backup hard drive containing sensitive inmate data. Authorities fined the agency $286,000.
  • In 2012, U.K. authorities fined the Greater Manchester Police about $190,000 after the theft of a memory stick from an officer’s house. The stick held sensitive data about criminal investigations, but had no password lock.
  • In 2009, U.S.-based health insurance provider AvMed disclosed that two laptops had been stolen — and these contained unencrypted information on 1.2 million-plus customers. AvMed settled a subsequent customer lawsuit for $3 million earlier this year.

Lax Security Leads to Big Problems

So, as we can see, it’s all too easy for lax security to result in non-compliance. Breaches can become very, very public (think retail giants Home Depot and Target) and that can be catastrophic to your business.

All of us are, variously, clients, patients, partners, or citizens. We don’t want to think you can’t handle our personal information. Even when the result of a breach doesn’t result in a penalty, it causes the erosion of trust.

And, most likely, hardened security, including IRM, would have gone a ways to protect data from prying eyes — even if the information resided on a laptop or flash drive that had been stolen.

Marc Songini

Marc Songini

Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.