News Stay informed about the latest enterprise technology news and product updates.

With data breach costs soaring, companies should review data sharing policies

Companies are sharing intellectual property in increasing numbers, but many organizations fail to monitor and enforce their policies, according to a recent survey.

Companies are sharing intellectual property with partners in increasing numbers, but many lack a formal process to determine the kind of data that can be shared and of those that do, less than half conduct review access and usage policies.

People are flying by the seat of their pants here and hoping not to get burned.
Jon Oltsik,
senior analystEnterprise Strategy Group

That was the conclusion of a new survey by Milford, Mass.-based Enterprise Strategy Group. In its report, "Expanding intellectual property protection beyond the firewall," the research firm surveyed security professionals at North American-based organizations with 1,000 to more than 20,000 employees.

Among the key findings: Only 41% of respondents work at organizations that have a formal process to determine which intellectual property can be shared. Sharing relationships are also not reviewed very often. Only 42% said their organization reviews the access and usages policies that apply to their business policies more than once per year.

With the costs of data breach soaring, companies shouldn't ignore how intellectual property data is categorized, secured and shared with partners, said Jon Oltsik, a senior analyst at the Enterprise Strategy Group.

Related information:
Data breach costs soar: A Ponemon Institute study indicates the costs associated with data breaches have soared and will continue to skyrocket unless companies do more to prevent them in the first place.

Who's Had a Taste of Your Intellectual Property? Here are the key ingredients to protecting your secret sauce.

Data breaches, compliance drive intellectual property protection: Recent high profile data breaches and compliance pressures are forcing companies to spend more on technology to protect intellectual property, according to a study.

Hacker techniques use Google to unearth sensitive data: Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns.

"If you find that you can cut your costs by sharing data with customers and suppliers, you're going to do that and you're going to do it even if there's a perceived risk," Oltsik said. "People are willing to jump out in front of technology to get a business benefit and then backfill management, security and operations."

In addition, 64% of those surveyed said they are confident that their security department is aware of all business partners who have access to intellectual property data, but only 54% are confident that their organizations know the specific data that business partners can access.

Many different groups within an organization classify data as intellectual property, including legal and line-of-business management, IT, executive management, and others. With so many groups involved, each with limited oversight or accountability, IP classification can be lengthy, inefficient, and fraught with overlapping tasks and finger pointing, Oltsik said.

"When you start to talk about how people monitor and enforce their policies, then it gets much more scary," Oltsik said. "People are flying by the seat of their pants here and hoping not to get burned. You have a lot of different technologies and methods and you really don't have an end-to-end view. There isn't a lot of confidence in the actual validity of the data."

While the majority of respondents said their organization reviewed intellectual property data access and usage policies at least once a year, 27% said a review took place once a year if at all. Some were not aware of any policy reviews.

"It becomes one of those situations where you're just sharing everything with everybody and cross your fingers. That's a recipe for disaster," Oltsik said.

Oltsik said companies need to begin with a single classification schema. Different business units need to agree to how data is classified. Then businesses need to put policies around classification. Finally, companies need tools to monitor and audit data classification and sharing procedures and also enforce the policies in place.

The survey was sponsored by data loss prevention appliance vendor, Reconnex.

Dig Deeper on Data security strategies and governance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.