In security, what organizations don't know about their data that can hurt them.
In a new survey sponsored by mobile security provider WatchDox, the Ponemon Institute found that more than 80 percent of the 798 IT professionals surveyed did not know how much of their organization's data is stored on cloud file sharing services or mobile devices.
In addition, most organizations did not have technical controls in place to protect regulated data on mobile devices, with 73 percent relying on manual policies and just 12 percent utilizing mobile device management technology. Only six percent used mobile digital rights management products while four percent used mobile application management tools.
"While almost every IT practitioner recognizes the risk to regulated data in their organizations, steps to understand the extent of such data on mobile devices and in the cloud are not taken," according to the report.
"The greatest data protection risks to regulated data exist on mobile devices and in the cloud," the report contends, observing that respondents believe the greatest areas of potential risk to regulated data within organizations are with mobile devices (69 percent of respondents), cloud computing infrastructure (45 percent of respondents) and applications (33 percent of respondents).
Still, the survey found that 59 percent of respondents said their organization permits employees to use their own devices (BYOD) to access and use regulated data. In addition, 43 percent of respondents say that their organization allows employees to move regulated data to cloud-based file sharing applications, the report notes.
The study also found that many respondents were not fully aware of the role compliance regulations should play in mobile security. For example, even though 67 percent of respondents said their organizations must comply with U.S. and state privacy and data breach laws, only 18 percent are aware that these laws specify the protection of regulated data on mobile devices, including employees’ personal devices used for work purposes.
On average, organizations represented in the study experienced almost five mobile device-related data loss incidents in the past two years, resulting in the breach of an estimated 6,000 individual records, according to the report.
According to the Ponemon Institute, organizations should make sure they know how much regulated data is on employee mobile devices and take steps to prevent employees from accessing data unsecurely.
“Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” said Ryan Kalember, chief product officer at WatchDox, in a statement. “This study clearly shows that IT departments must understand the risks and be more proactive to accommodate mobile productivity while still protecting the organization’s data.”