Corporate security requirements are necessary to prevent costly data breaches and keep customer information safe, yet almost half of employees surveyed by Voltage Security said they bypass security regulations in order to get their job done. More disturbingly, 40% admitted that if they were breached no one would notice.
The study found that while 85% of employees say that security has added value to their company, 46% said their job is hindered because they aren’t getting access to all the information they need. More than half of the respondents were working for large organizations (the majority employing more than 5,000 people), upping the scope of the potential damage.
“It is safe to assume that with the majority of people working for major organizations with more than 5,000 employees, the loss of a single deal can be detrimental to business and may well cause millions in damage,” said Dave Anderson, senior director of marketing, at Voltage Security. “The results show that organizations employ an array of restricting security tools that struggle to make data available to the right people, though the fundamental issue of security remains.”
The study also revealed that the pressure on companies to access information to get their job done is dividing the workforce. While 40% of companies have lost a sales opportunity because employees weren’t able to access the information they needed, an alarming 46% avoided the possibility of losing a sales opportunity by bypassing security controls to access necessary sensitive information to get the job done.
The findings also revealed a paradox: while 29% of organizations would notice within seconds or minutes if sensitive data wasn’t secured, a full 40% said they would never notice. And half of the respondents said they have had access to financial, customer or HR information they didn’t really need – putting potentially sensitive information at risk.
“Protecting sensitive data is the key requirement,” Anderson said. “Security can, and should be, seamlessly integrated into current business processes, rather than standalone functions that enable employees to protect information at all times. Deploying a data-centric framework will enable companies to protect sensitive information at all times, while still allowing employees to access, use, and move the data within the enterprise as needed to perform their duties.”
Channel partners can help their customers navigate these difficult waters: security should not be based on only protecting a device, server, tape, disk or media—sensitive data should be protected anywhere it moves, and any way it is used. Also, companies should implement data protection solutions that comprehensively protect all structured and unstructured data types across the entire IT infrastructure, including everything from legacy and mainframe, to data in the cloud and on mobile. Only protecting a single data type or a limited number of applications can leave an organization open to threats.