Too much emphasis is placed on compliance and not enough on protecting data.
Pointing to a recent report by Forrester Consulting, which claimed that enterprises are concentrating too much on compliance efforts and not investing enough of their resources in protecting against the theft of valuable intellectual property, CA claimed that most organisations have been more heavily focused on protecting sensitive data and not their secrets.
Kristi Perdue, director of product marketing, information protection, governance and compliance at CA, claimed that while an organisation's sensitive data is usually most valuable, mishandling of custodial data is much more visible and linked to compliance requirements.
Perdue said: “Organisations need to ensure that both sensitive (custodial data) and organisational information (secrets) are protected. To do this, organisations need to view their information and security strategies in a more holistic fashion to better manage and control vital business data based on user access, identity and role.
“All organisations need to become more aware of what information they have and who has access to it. They need to understand where this information is located, how it is used, who needs to use it and how it can be shared. Based on the type of information, can employees collaborate and share it over FTP, SharePoint, Facebook, blog posts, email? Who can do what with what type of information and in what situation?”
Sam Curry, CTO of marketing at RSA, who commissioned the report along with Microsoft, said: “Companies are spending money to protect customer, medical and payment card information, as they should, but more emphasis needs to be placed on protecting the intellectual property and data that has intrinsic value to an organisation. If intellectual property is lost, it can cause long-term competitive harm to an organisation.”