Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:00 AM
Connect Directly

Survey: Unstructured Data a Security Nightmare

New Ponemon Institute report finds organizations don't have a grip on access to data on file servers, network-attached storage

Organizations aren’t only worried about database breaches: Only 23 percent think their unstructured data is secured, and 89 percent say controlling access to their spreadsheets, Word documents, audio and video files, instant messages, and Web pages, is tougher than for structured (database) data, according to a new study from the Ponemon Institute.

They say their data access controls for unstructured data aren’t tight enough. Over 70 percent say employees unnecessarily get access to some data; 46 percent said that employees, temporary employees and contractors “often” have too much access to the organization’s unstructured data; and 24 percent say that this is the case “very often,” according to the study commissioned by Varonis, which sells data governance tools for unstructured data.

“Our study exposes a serious flaw in the data security processes of many companies in that inadequate data governance may afford improper access to sensitive information by unauthorized individuals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. Unstructured information is often found on file servers and network-attached storage, for instance.

Over 90 percent of the respondents say they don’t have a process for determining who owns what data, and 76 percent can’t figure out who can access unstructured data, according to the report. Over 60 percent say they don’t have a monitoring process to watch who is accessing which unstructured data.

“They are concerned about their unstructured data... but they don’t do much about it” right now, says Raphael Reich, director of product marketing for Varonis. “They are either doing it manually, or outsourcing it to consulting firms.”

The Ponemon Institute estimates that the U.S. market for products and technology for securing unstructured data is about $3.16 billion.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Ponemon Institute LLC
  • Varonis Systems Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Overcoming the Challenge of Shorter Certificate Lifespans
    Mike Cooper, Founder & CEO of Revocent,  10/15/2020
    7 Tips for Choosing Security Metrics That Matter
    Ericka Chickowski, Contributing Writer,  10/19/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-10-21
    BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
    PUBLISHED: 2020-10-21
    Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
    PUBLISHED: 2020-10-21
    Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
    PUBLISHED: 2020-10-20
    Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
    PUBLISHED: 2020-10-20
    Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.