
Guess how many times a week your company is hacked?

Most organizations are actually pretty easy targets for attackers. I’ve always wondered, though, about the particular companies that have massive invasions: what is the reason the hackers targeted them? Supposedly a credit card number can get you $1.00 on the black market. I assume if you have stolen, say, 2 million, that’s quite a chunk of change. The more personal information you can steal, the higher the price.

In every survey, what are organizations concerned about? Security. How many are proactively doing anything about it, or have they evaluated the risk and found it to be of low value? The recent IBM/Ponemon survey, ‘IBM 2015 Cost of Data Breach Study’, indicates attacks are going up alarmingly and so is the price tag.

In another recent article, ‘Coviello tackles cloud privacy, government’s key escrow plan’, I found one particular series of statistics very interesting and sobering. Acuity Solutions President Kris Lovejoy painted a gloomy picture of cloud data privacy. By the way, this is an excellent article.

According to Ms. Lovejoy, “An average organization of 15,000 would look at approximately 1.7 million security events per week. Of those 1.7 million security events, 324 of those events were security attacks. Those security attacks were deliberate attacks carried out by motivated attackers,” she said. “For those attacks, 2.1 of those 324 attacks would result in a compromise. So 2.1 times a week a bad guy was getting into the organization.”

Kind of frightening, isn’t it?


Time to Tighten Your Belts – Would you rather be safe or sorry?

According to Osterman Research, 95% of business users primarily communicate via email. Of emails sent, 98% were sent with attachments. Secure? Highly doubtful. Mobile devices and BYOD have unlocked a hornet’s nest and have put the security of confidential information at risk. In the BYOD world, who owns the content, the owner of the device or the organization? Does the organization have the right to access the device to identify confidential information? Current court cases will decide the outcome.

Complicating security issues, social has entered the business world. Accepted in a court of law, the organization is responsible for tweets, social postings, Facebook, and instant messaging, even if it is an end user’s personal account. Security breaches should be an organizational priority. Did you know that most breaches are caused internally, either through negligence or deliberately? And the security holes only grow deeper into sinkholes with no escape.

Oddly enough, C-level folks state unequivocally that they are concerned with cloud security. Rightly so. On the other side of the coin, they tend not to do a lot about it. Some have the attitude that a couple of million dollars to remedy the situation is pocket change as opposed to being prepared for the worst. It isn’t only the money; for better or for worse, the impact on the brand and the attitude of customers can be worth much more than remediation. It takes years to build a brand, and depending on the data exposure, it can be destroyed.

They have made their perimeter a fortress, but most exposures are internal. Spending time documenting your security holes within the organization may influence organizations with lax rules to tighten their belts on security processes, access, and define what is and what is not confidential.


Keeping the Lights On When Your Cloud Provider Can’t.

Does your organization have a business continuity plan as well as a disaster plan if your SaaS provider goes belly up for whatever reason: goes out of business, abruptly turns out the lights, catastrophes, server crashes, data breaches? If you don’t, why not?

In IDG’s white paper ‘When the Cloud Evaporates’, sponsored by Iron Mountain, one-third of the survey respondents said they had subscribed to mission-critical SaaS applications and the provider did not meet expectations of support. What was the result? I guess it was quite a surprise and some organizations were totally unprepared. According to the survey, the organizations:

• “Transferred workload to another vendor and filed a lawsuit
• Caused numerous setbacks and problems
• Incurred costs
• Needed to find a tactical solution until a long term strategic solution could be put in place
• Scrambled to pick up the application, provide on-going maintenance, and engage in an alternative partners
• Some solutions have had to be done in-house as work arounds”

In any event, not a pretty situation. IDG recommends more than just a business continuity plan and a disaster plan. “You need something more: a business continuity strategy that works in any situation not addressed by the provider’s Disaster Recovery strategy. This gives you access to your applications and data to keep the lights on even if your SaaS provider can’t.”

This was a short white paper, but very interesting. I would recommend reading it if you do have business critical SaaS applications – or even if you don’t but are thinking about the cloud. (Registration is required)


And Yet More Mumbo Jumbo about Information Governance

Ok, I haven’t even read the article yet. The description in the email I received tells me that I can learn from experts on how to tackle Information Governance – the new ‘must have’ to succeed. I’m not against good advice, nor practical, doable, and workable solutions. I have yet to read an article that actually explains, through a case study or experience, the actual ‘how to’ information. It’s pretty much mumbo jumbo. In other words, I would like to know the good, the bad, and the ugly.

According to IG Initiatives 2014 Annual Report, the cost of an information governance project for a 5,000-10,000 employee company is $2,417,000. (No, that’s not a typo.) That’s a tough ROI to justify unless broken down into application challenges that can be solved and processes that can be improved. You don’t hear the cost bandied about much in any articles. For many, if not most organizations, it just isn’t affordable or justifiable.

Don’t get me wrong, I am a great proponent of Information Governance. I just feel that everyone’s talking about it in a vague way, on why organizations should do it, not how.

Can anyone provide real-life experiences or advice for those organizations that do have $2,417,000 to spend?
