A World Half-Full of Data Boneheads




January 22, 2008 — 
Last week, I wrote about a study warning of the “unseen crisis” of data security when a company’s live data is opened to testers. It surprised me to learn that so many organizations still fail to take simple precautions to safeguard data.

According to the survey’s nearly 900 respondents, 49 percent of companies that outsource development and/or testing said they share their live data with those service organizations. In a separate question, fully 50 percent said they would be unable to detect the unintentional use of live data during application testing. This to me is troubling.

“This represents significant risk, because even though companies outsourced the development project, the responsibility of data security remains theirs,” says Larry Ponemon, founder of the Ponemon Institute, the independent privacy and security practices research firm that authored the study.

A huge majority of companies—81 percent—seek to protect live data transferred to third parties with contractual clauses. “While this provides some protection,” says Ponemon, “data can still be abused, and it does not protect against a company’s damaged reputation if a breach were to occur.” As an added measure, 78 percent of companies require the outsourcer to destroy the data after use. “But this only limits the window of exposure; [it] doesn’t eliminate the risk,” he says. Among companies that experienced a known data leak, the outsourcer reported it only 46 percent of the time.

Ponemon added that encryption, which is in use by a quarter of respondents, doesn’t solve the security problem. “A recent TJX data breach shows that even encrypted data files do not guarantee that sensitive data will not be breached,” he says, referring to the highly publicized compromise of more than 45 million credit- and debit-card numbers disclosed in March 2007.

More than half of companies surveyed are protecting their data by supplying not current data but older, obsolete data. But Ponemon views this as a half-measure that can actually drive up costs in the end. “Older data still contains sensitive information and may very likely contain out-of-date contact information, which makes notification that much more costly and almost impossible.”

Unlimited Data and Uncertain Guidelines
Less widespread are limiting the amount of live data shared, and data encryption or “anonymization,” the practice of removing person-related information from live records before they leave production. A number of tools exist for this. The survey also showed that only 20 percent apply consistent safeguards to sensitive or confidential data in both production and development, Ponemon says.
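The paragraph above names anonymization and, earlier, the inability of half of respondents to detect live data in test environments, without showing what either looks like in practice. The following is an added example written for this page, not code from the article, Ponemon or Compuware: it pseudonymizes a set of constructed customer records with a keyed HMAC (so the same live value always maps to the same token and joins between tables keep working), replaces card numbers with synthetic ones that still pass Luhn validation so the application under test does not reject them, and then checks a test dataset against a fingerprint index of production values to flag live data that slipped through. The record layout, field names and `MASKING_KEY` are assumptions.

```python
import hashlib
import hmac

# Constructed sample "live" records; the values are fake and not from the article.
LIVE_RECORDS = [
    {"customer_id": 1001, "name": "Ada Example", "email": "ada@example.com",
     "card": "4111111111111111", "phone": "555-0101", "balance": 120.50},
    {"customer_id": 1002, "name": "Bob Sample", "email": "bob@example.org",
     "card": "5500000000000004", "phone": "555-0102", "balance": 89.99},
    {"customer_id": 1003, "name": "Ada Example", "email": "ada@example.com",
     "card": "4111111111111111", "phone": "555-0101", "balance": 5.00},
]

# Hypothetical masking secret; it would live with the masking tool in production,
# never in the test environment that receives the masked copy.
MASKING_KEY = b"constructed-secret-for-demo"

SENSITIVE_FIELDS = ("name", "email", "card", "phone")


def pseudonym(value, field, length=12):
    """Deterministic keyed token: same (field, value) -> same token, so referential
    integrity across records and tables survives masking."""
    msg = f"{field}:{value}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).hexdigest()[:length]


def luhn_valid(number):
    """Standard Luhn check used by payment-card formats."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def synthetic_card(value):
    """Derive a 16-digit, Luhn-valid card number from the token so format
    validation in the application under test still passes."""
    body = str(int(pseudonym(value, "card", 32), 16))[:15].zfill(15)
    for check in "0123456789":  # exactly one check digit satisfies Luhn
        if luhn_valid(body + check):
            return body + check


def anonymize_record(rec):
    """Return a copy with person-related fields replaced; non-sensitive fields
    (ids, amounts) are kept so test behaviour stays realistic."""
    out = dict(rec)
    out["name"] = "Customer " + pseudonym(rec["name"], "name", 8)
    out["email"] = pseudonym(rec["email"], "email", 10) + "@example.invalid"
    out["card"] = synthetic_card(rec["card"])
    out["phone"] = "555-" + str(int(pseudonym(rec["phone"], "phone", 8), 16) % 10000).zfill(4)
    return out


def fingerprint_index(records):
    """Keyed fingerprints of every sensitive production value. The set can be
    handed to a test-environment check without exposing the values themselves."""
    return {pseudonym(r[f], f, 32) for r in records for f in SENSITIVE_FIELDS}


def find_live_values(test_records, live_index):
    """Detect live data in a test dataset: (record position, field) for every
    value whose fingerprint matches production."""
    hits = []
    for i, r in enumerate(test_records):
        for f in SENSITIVE_FIELDS:
            if pseudonym(r[f], f, 32) in live_index:
                hits.append((i, f))
    return hits


if __name__ == "__main__":
    masked = [anonymize_record(r) for r in LIVE_RECORDS]
    index = fingerprint_index(LIVE_RECORDS)
    print("masked copy is clean:", find_live_values(masked, index) == [])
    # Simulate a tester pasting one live e-mail address into the test data.
    leaked = masked[:1] + [dict(masked[1], email=LIVE_RECORDS[1]["email"])]
    print("leak detected at:", find_live_values(leaked, index))
```

The fingerprint check is the part that addresses the “unable to detect” finding: it runs in the test environment against the test database on a schedule, needs only the HMAC key and the fingerprint set, and never needs a copy of production values. Deterministic tokens are a deliberate trade-off: they preserve joins and repeatable test cases but let an attacker with the key reverse nothing, while an attacker without it can still tell that two masked rows belong to the same person, so the key and the fingerprint set are themselves treated as sensitive.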

Among the most surprising statistics to me was the uncertainty among organizations as to the specific guidelines in place to safeguard data and who’s responsible for enforcing them. “Of the [59 percent of] respondents who indicated they had guidelines, there again seems to be a very high level of uncertainty about which group is accountable for implementation,” says Ponemon. “In fact, close to one-third of those who responded said they either didn’t know who was responsible or that no one is responsible for implementing security guidelines.”

What’s more, 46 percent of those with guidelines also said they don’t enforce them.

The survey included responses from 897 IT workers up and down the management chain in more than a dozen industries in the U.S. The five most common titles of respondents were programmer (18 percent), software tester (17 percent), application developer (11 percent), quality assurance (10 percent), information systems (7 percent) and other (36 percent). The study, titled “The Insecurity of Test Data: The Unseen Crisis,” was published in December 2007, and sponsored by Compuware.


Share this link: http://www.sdtimes.com/link/31669