Late last year, Information Commissioner Christopher Graham commented on his blog that data protection is under threat from the continuing recession.
He suggested that businesses under pressure may be tempted to cut corners and push boundaries when it comes to protecting corporate information. He highlighted a common problem that a lot of UK organisations are increasingly facing as the downturn continues to linger.
As budgets continue to be cut, security and data protection are some of the first things that get neglected, particularly as such functions have traditionally been perceived as costly. In reality, this perception is caused by inefficiency – through manual tasks and over-centralisation.
In these times of austerity, security can be achieved without large capital investment; IT departments just need to take a number of sensible precautions to ensure security of information and access governance. Organisations certainly can't afford to be lax when it comes to security.
Very recently, the European Commission proposed new rules stating that serious data breaches will need to be reported to the national supervisory authority and affected citizens within 24 hours. Whilst this is undoubtedly going to be a struggle for many organisations, the aggressive proposal is unquestionably a result of the sharp increase in public data breaches over the past year.
In my view, this will force many businesses to shake up the way information is stored and shared, inside and outside of the organisation. Yet for many organisations, managing efficient identity and access management systems, and ensuring that activity is fully tracked, audited and compliant, are also a big struggle.
Our own research has shown that over 51 per cent of IT professionals are concerned about insider threats to network security in their company's current infrastructure, and 90 per cent agree that companies need to do more to manage and protect users' electronic identities.
In addition to such threats, we are seeing professionals regularly compromise business or personal information by using insecure and risky shortcuts, not out of malice, but to make their lives easier in the workplace.
For instance, with many professionals tasked with remembering more than five work-related passwords, 42 per cent of employees prefer to keep password details written down and within easy grasp to avoid halting their workflow, which can leave them open to potential theft.
A more effective way of cutting costs is to look carefully at the processes that can be automated, such as identity and access management (IAM), which can increase efficiency and reduce costs whilst maintaining the integrity of your data. With over a quarter of employee queries made to IT helpdesks being access related, IAM can also remove some of the burden placed on the helpdesk, making their lives much easier.
Implementing a single, integrated system that provides end-to-end management of employee identities and retires orphaned or unneeded identities at the appropriate time is the key to simplifying the management of IAM systems.
The recent warnings from the ICO and proposals from the European Commission are timely reminders of the type of risks that businesses can impose on themselves and their customers if the right precautions to protect information are not taken, and of the mess companies can get into if measures to detect such breaches are lax.
As in a game of football, a 'red card' violation such as a data breach can be extremely damaging to the reputation of any organisation, and with the European Commission proposing fines of up to two per cent of annual global turnover, such data breaches can be controversial and even crippling.
Without the right security systems in place, organisations risk compromising sensitive information, revenue and their reputation.
Phil Allen is director of identity and access management (EMEA) at Quest Software