Risk
10/2/2012
09:41 AM
Dark Reading
Products and Releases

One-Third Admit They Take Compliance Risks

DataMotion research shows widespread lack of confidence among respondents in effectiveness of corporate security and compliance policies and solutions

MORRISTOWN, N.J. – October 2, 2012 – DataMotion (www.datamotion.com), an innovator in cloud-based data delivery services, today released research showing that despite having corporate security and compliance policies and solutions in place, there is a widespread lack of confidence among respondents in their effectiveness. According to survey findings, 84% of respondents believe employees/co-workers violate security and compliance policies for transferring files electronically and only 45.5% feel these policies are fully understood. Adding to respondents' compliance woes, nearly one in three admit their company knowingly takes risks because they don't have the resources to be totally compliant. Considering these results, it's no surprise that only 37.5% of respondents state they are very confident that their organization would pass a compliance audit if selected.

Conducted by DataMotion, the survey polled more than 200 IT and business decision-makers across the U.S. and Canada to gain insight into corporate email and file transfer (FTP) habits. The survey particularly focused on those in industries that routinely deal with sensitive data and compliance regulations, such as financial services, healthcare and government.

Key highlights from the survey include:

• Inadequate Security and Compliance Policies: Though 80% said their company has security and compliance policies for transferring files electronically, respondents feel they are not clearly understood or followed.
  ◦ Only 45.5% of this group feel employees/co-workers fully understand these policies.
  ◦ 84% believe employees/co-workers routinely or occasionally violate security and compliance policies.

• Threat of Consumer-type File Transfer Services: Consumer-based applications for sharing files often have weak security and IT administrative controls, leading to potential data leakage and serious risks with sensitive information if used in the workplace. Despite this:
  ◦ 34.2% of respondents have used, or recommended that others use, free consumer-type file transfer services such as YouSendIt, Dropbox, iCloud, etc. for work purposes.
  ◦ 43.4% stated their company does not forbid the use of free consumer-type file transfer services.
  ◦ 52% said their company does not block the URLs to free consumer-type file transfer services.

• Vulnerabilities in Secure Email and File Transfer Capabilities: The ability to send sensitive information securely and compliantly via email is vital. Yet, despite growth in usage, survey data shows many companies are still lacking basic tools for secure data delivery.
  ◦ 34.5% of respondents do not have the ability to encrypt email.
  ◦ 28.9% said their company does not monitor the content of outbound email and file attachments for compliance purposes.
  ◦ 42.5% are only "somewhat" confident in the technology their company uses for filtering outbound email and file attachments for compliance purposes, and an additional 3.8% are not confident at all.
  ◦ 54% do not have a single tool for securely encrypting sensitive email and transferring files.

• "Rolling the Dice" on Audits: Failing to pass a compliance audit can result in costly fines and damaged reputations. Even so, the survey shows companies are taking risks, either because they lack the resources to fully comply or because they don't feel it's likely their organization will be audited.
  ◦ When asked to describe their company's approach to compliance, 31.5% said they take risks because they don't have the resources to be totally compliant.
  ◦ 38.6% of respondents feel it is not likely their company will be selected for a compliance audit in the next 12 months, with 37.5% saying it is only "somewhat" likely.
  ◦ Only 37.5% of respondents are very confident their company would pass a compliance audit.

"Data breaches are more prevalent than ever and regulatory agencies are handing out millions of dollars in fines for privacy and security violations, yet this survey shows companies are still cutting corners," said DataMotion's Chief Technology Officer, Bob Janacek. "Some companies mistakenly believe suffering a data breach would be less expensive than the cost of being compliant. What they fail to consider is the price they'll pay goes far beyond compliance fines. In addition to investigation, legal fees and costs associated with new prevention efforts, there's always severe backlash from a tarnished reputation. The fact is, cost-effective, easy-to-deploy, user-friendly secure data delivery solutions are available that can go a long way in eliminating security risks and ensuring compliance."

Millions of users worldwide rely on DataMotion solutions. The DataMotion Platform improves on traditional approaches by providing a unified, secure, cloud-based hub for delivering messages, files and electronic forms. It integrates disparate systems in a fully auditable manner and provides visibility into reporting of all transactions to ensure control. Its unique architecture offers flexibility to incorporate any number of systems, workflows and organizations. A true PaaS, it also is available as a transaction-based pay-as-you-go business option, enabling organizations to start with smaller deployments and scale as they grow.

To learn more about DataMotion SecureMail Gateway, click here.

To learn more about DataMotion Secure File Transfer, click here

To learn more about the DataMotion Platform, click here

To follow DataMotion on Twitter, visit http://twitter.com/DataMotion, on LinkedIn, visit DataMotion, Inc. and on Facebook, visit DataMotion.

About DataMotion

DataMotion enables organizations to dramatically reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. The company's core DataMotion Platform solves a broad range of business issues by providing a secure data delivery hub. The company's easy-to-use solutions for secure email, file transfer, forms processing and customer contact leverage the DataMotion Platform for unified data delivery. Millions of users worldwide rely on DataMotion to transparently improve business processes and reduce costs, while mitigating security and compliance risk. DataMotion is privately held and based in Morristown, N.J.
