October 8, 2010

Data security ranks number one

Ensuring data security is the number one objective of IT managers when it comes to IT asset disposal. This is no surprise to us, as the world's media focuses on privacy and data breaches, waiting for their next big story. The topic is hot. Organizations found to have unwittingly exposed customer records risk having their reputation tarnished and customer loyalty shattered.

A Google search on "data breach" lists 6,930,000 results. And The Privacy Rights Clearinghouse chronology of data breaches http://www.privacyrights.org/data-breach lists over 500 million records breached since 2005, including details. Technology gurus say once something is posted on the Internet it remains there forever. You can bet the organizations in these articles cringe at the constant and permanent reminder of a gaffe they would rather everyone forget.

The 2010 Data Breach Investigations Report is a study conducted by Verizon and the U.S. Secret Service, analyzing data breaches from the past six years. The results can help shed light on common causes of data breaches.

For example, according to the study, in 2009 48% of data breaches were caused by insiders, both deliberately and unintentionally. Misuse also accounted for nearly half of breaches. Misuse can occur from insiders, but can also happen when a partner or third party does not take appropriate steps to protect an organization's data. What I find hopeful is that only 1% of data breaches from misuse were the violation of an IT asset disposal policy.

This relates to a 2010 Converge Trends Report statistic: 86.4% of respondents have a formal, end-of-life ITAD strategy. In our 2009 study, only 67.3% responded that they had such a strategy. All of these findings indicate that IT asset disposition strategies are being recognized as crucial to organizations' data security efforts, and organizations are communicating them internally. In fact, in the Trends Report, 83.5% said their organization had controls in place to ensure that end-of-life equipment is disposed of in accordance with their corporate strategy.

Each of these studies is managed independently, with varying controls and samples. While none of them can be considered "comprehensive", each can provide some level of useful information to help you evaluate and refine your IT asset disposition strategy. If there are other relevant surveys or reports, let me know by sending me a comment.

Share this blog post:

No comments:

Post a Comment