Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:00 AM
Connect Directly

Survey: Unstructured Data a Security Nightmare

New Ponemon Institute report finds organizations don't have a grip on access to data on file servers, network-attached storage

Organizations aren’t only worried about database breaches: Only 23 percent think their unstructured data is secured, and 89 percent say controlling access to their spreadsheets, Word documents, audio and video files, instant messages, and Web pages, is tougher than for structured (database) data, according to a new study from the Ponemon Institute.

They say their data access controls for unstructured data aren’t tight enough. Over 70 percent say employees unnecessarily get access to some data; 46 percent said that employees, temporary employees and contractors “often” have too much access to the organization’s unstructured data; and 24 percent say that this is the case “very often,” according to the study commissioned by Varonis, which sells data governance tools for unstructured data.

“Our study exposes a serious flaw in the data security processes of many companies in that inadequate data governance may afford improper access to sensitive information by unauthorized individuals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. Unstructured information is often found on file servers and network-attached storage, for instance.

Over 90 percent of the respondents say they don’t have a process for determining who owns what data, and 76 percent can’t figure out who can access unstructured data, according to the report. Over 60 percent say they don’t have a monitoring process to watch who is accessing which unstructured data.

“They are concerned about their unstructured data... but they don’t do much about it” right now, says Raphael Reich, director of product marketing for Varonis. “They are either doing it manually, or outsourcing it to consulting firms.”

The Ponemon Institute estimates that the U.S. market for products and technology for securing unstructured data is about $3.16 billion.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Ponemon Institute LLC
  • Varonis Systems Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Current Issue
    6 Emerging Cyber Threats That Enterprises Face in 2020
    This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
    Flash Poll
    State of Cybersecurity Incident Response
    State of Cybersecurity Incident Response
    Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-04-02
    An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.
    PUBLISHED: 2020-04-02
    Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
    PUBLISHED: 2020-04-02
    ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.
    PUBLISHED: 2020-04-02
    In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects the Linux 5.4 stable series, starting with v5.4.7, as the intr...
    PUBLISHED: 2020-04-02
    A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.