We hear a lot of buzz about protecting both customer and company data, but it's alarming how few IT departments and enterprise users are protecting their data correctly. A recent survey conducted for Oracle reveals that fewer than 30% of their respondents are encrypting personally identifiable information.
Data and network security should be the basis for every IT decision, but it is typically an afterthought. Oracle's report also concludes that half of companies surveyed profess a strong commitment to data security, but only 17% have begun to scratch the surface.
Lack of data security is often due to corporate culture and the fear of change. Most companies at the corporate level agree they are committed to data security and protecting customer records. If a company's official stance is to protect their data, where are the security holes?
We believe the largest security holes exist in the departments outside the core IT organization. They don't place the same value on the data as the IT Security team. Many companies still allow their employees to perform file transfers directly from their desktops and laptops using FTP or other unsecure tools. Not only are these ad-hoc methods unsecure and capable of exposing passwords or entire databases, they don't all function alike and don't provide centralized logs.
Educating employees about the dangers of unsecured and/or unnecessary data transfer is more business-friendly than preventing it all together. Part of this process should be moving everyone to a managed file transfer methodology, like GoAnywhere MFT. This not only secures your data transfers, but it creates a digital paper trail showing where assets are going, which is important when you consider all the data security compliance regulations in effect today.
Data security for the millions of files sent over the Internet or within "the cloud" is of great importance to all industries, including health care, retail, banking, and finance. Internet transfers include the critical data needed to conduct business, such as customer and order information, EDI documents, financial data, payment information, and employee- and health-related information. Many of these information transfers relate to compliance regulations such as PCI DSS, SOX, HIPAA and HITECH, state privacy laws, or other mandates.
We need to grow a data security culture that includes securing file transfers.