Software Monetization Featured Article

Protect Against Data Breaches? Not Likely, Say SafeNet Survey Respondents

October 03, 2014

For those of us who shop online—and in ever-increasing numbers, that describes a large portion of us—a new study from SafeNet (News - Alert), Inc. should have stomachs dropping somewhere near the floor. We've all seen data breaches in one store or another, especially lately, but the news from SafeNet suggests that online shopping might not be as safe as some would hope.

The numbers from SafeNet's 2014 SafeNet Data Security Confidence Index tell a tale of little confidence indeed, as 74 percent of IT decision-makers believe that the currently-operating firewall is effective in keeping out unauthorized users, but 44 percent admit that that firewall has either been breached before or may have been breached already and no one knows that's the case. Perhaps worse, 60 percent of respondents aren't confident that, if the perimeter security—the firewall and the like—were actually breached, the data therein would actually remain secure. Essentially, once unauthorized users clear perimeter security, most seem convinced that it's open season on available data.

Yet despite this pessimistic outlook, there's not much being done to turn it all around. Businesses are mainly, at last report, investing in perimeter security methods, and not in what are called “defense-in-depth” mechanisms that include things like data encryption or multi-factor authentication, where users need to use more than one means to access a site. This is somewhat disturbing given the sheer number of data breaches taking place of late, and another study from SafeNet—the SafeNet Breach Level Index—showed that customer record thefts were up substantially, with over 375 million customer records stolen just in the first half of 2014, a number that's up almost a third—31 percent—from the same time in 2013.

Spending on perimeter security, meanwhile, has either remained the same or increased for fully 93 percent of organizations, according to the report, over the last five years. Roughly nine percent of budgets are being spent to purchase, maintain, or deploy such technology, and that number will likely remain almost the same—9.05 percent—when it comes to firewalls. Moreover, 67 percent of decision makers said there was no plan to decrease spending on perimeter security in a bid to increase spending on other defensive measures. In fact, more respondents would get rid of defense-in-depth measures; 49 percent were prepared to cut anomaly detection systems, and 24 percent would lose data encryption, while just 15 percent would cut perimeter security. Perhaps the most disastrous statistic of all, however, came when IT decision makers were asked if same would trust that company to safely store and manage personal data. For 25 percent, the answer was soundly “no.”

That's distressing for many reasons, much in the same way that a chef who won't eat his own food or an architect who won't live in her own building is. Though there's something to be said for the resistance to defense-in-depth methods, as this can make data more difficult to access for those who actually need the access to said data, it also goes a long way in protecting data from outside intrusion. It's the great conundrum of IT, as was once posed in a Dilbert strip: the best-secured data is the kind that absolutely no one can access.

Still, it does suggest that some changes need to be made here; the sheer number of data breaches suggests that firewall technology just isn't holding its own, and that maybe something else should be done here. Only time will tell, though, what that something is.

Edited by Maurice Nagle
Article comments powered by Disqus