10/2/2012
09:41 AM
Dark Reading

One-Third Admit They Take Compliance Risks

DataMotion research shows widespread lack of confidence among respondents in effectiveness of corporate security and compliance policies and solutions

MORRISTOWN, N.J. – October 2, 2012 – DataMotion (www.datamotion.com), an innovator in cloud-based data delivery services, today released research showing that despite having corporate security and compliance policies and solutions in place, there is a widespread lack of confidence among respondents in their effectiveness. According to survey findings, 84% of respondents believe employees/co-workers violate security and compliance policies for transferring files electronically and only 45.5% feel these policies are fully understood. Adding to respondents' compliance woes, nearly one in three admit their company knowingly takes risks because they don't have the resources to be totally compliant. Considering these results, it's no surprise that only 37.5% of respondents state they are very confident that their organization would pass a compliance audit if selected.

Conducted by DataMotion, the survey polled more than 200 IT and business decision-makers across the U.S. and Canada to gain insight into corporate email and file transfer (FTP) habits. The survey particularly focused on those in industries that routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.

Key highlights from the survey include:

· Inadequate Security and Compliance Policies: Though 80% said their company has security and compliance policies for transferring files electronically, respondents feel they are not clearly understood or followed.

o Only 45.5% of this group feel employees/co-workers fully understand these policies.

o 84% believe employees/co-workers routinely or occasionally violate security and compliance policies.

· Threat of Consumer-type File Transfer Services: Consumer-based applications for sharing files often have weak security and IT administrative controls, leading to potential data leakage and serious risks with sensitive information if used in the workplace. Despite this:

o 34.2% of respondents have used, or recommended that others use, free consumer-type file transfer services such as YouSendIt, Dropbox, iCloud, etc. for work purposes.

o 43.4% stated their company does not forbid the use of free consumer-type file transfer services.

o 52% said their company does not block the URLs to free consumer-type file transfer services.

· Vulnerabilities in Secure Email and File Transfer Capabilities: The ability to send sensitive information securely and compliantly via email is vital. Yet, despite growth in usage, survey data shows many companies are still lacking basic tools for secure data delivery.

o 34.5% of respondents do not have the ability to encrypt email.

o 28.9% said their company does not monitor the content of outbound email and file attachments for compliance purposes.

o 42.5% are only "somewhat" confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes, and an additional 3.8% are not confident at all.

o 54% do not have a single tool for securely encrypting sensitive email and transferring files.

· "Rolling the Dice" on Audits: Failing to pass a compliance audit can result in costly fines and damaged reputations. Even so, the survey shows companies are taking risks, either because they lack the resources to fully comply or because they don't feel it's likely their organization will be audited.

o When asked to describe their company's approach to compliance, 31.5% said they take risks because they don't have the resources to be totally compliant.

o 38.6% of respondents feel it is not likely their company will be selected for a compliance audit in the next 12 months, with 37.5% saying it is only "somewhat" likely.

o Only 37.5% of respondents are very confident their company would pass a compliance audit.

"Data breaches are more prevalent than ever and regulatory agencies are handing out millions of dollars in fines for privacy and security violations, yet this survey shows companies are still cutting corners," said DataMotion's Chief Technology Officer, Bob Janacek. "Some companies mistakenly believe suffering a data breach would be less expensive than the cost of being compliant. What they fail to consider is the price they'll pay goes far beyond compliance fines. In addition to investigation, legal fees and costs associated with new prevention efforts, there's always severe backlash from a tarnished reputation. The fact is, cost-effective, easy-to-deploy, user-friendly secure data delivery solutions are available that can go a long way in eliminating security risks and ensuring compliance."

Millions of users worldwide rely on DataMotion solutions. The DataMotion Platform improves on traditional approaches by providing a unified, secure, cloud-based hub for delivering messages, files and electronic forms. It integrates disparate systems in a fully auditable manner and provides visibility into reporting of all transactions to ensure control. Its unique architecture offers flexibility to incorporate any number of systems, workflows and organizations. A true PaaS, it also is available as a transaction-based pay-as-you-go business option, enabling organizations to start with smaller deployments and scale as they grow.

To learn more about DataMotion SecureMail Gateway, click here.

To learn more about DataMotion Secure File Transfer, click here.

To learn more about the DataMotion Platform, click here.

To follow DataMotion on Twitter, visit http://twitter.com/DataMotion, on LinkedIn, visit DataMotion, Inc. and on Facebook, visit DataMotion.

About DataMotion

DataMotion enables organizations to dramatically reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. The company's core DataMotion Platform solves a broad range of business issues by providing a secure data delivery hub. The company's easy-to-use solutions for secure email, file transfer, forms processing and customer contact leverage the DataMotion Platform for unified data delivery. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. DataMotion is privately held and based in Morristown, N.J.
