Ponemon: Most Employees Have Too Much Access to Corporate Data

A new Ponemon Institute study on corporate data showed that employees with excessive data access privileges are a growing risk to organizations. Here are the details.

Dan Kobialka, Contributing writer

December 29, 2014

3 Min Read
Varonis Systems CEO Yaki Faitelson
Varonis Systems CEO Yaki Faitelson

IT security or employee productivity? A new Ponemon Institute study on corporate data revealed most employees and IT practitioners believe their organizations are more likely to choose the latter.

The study, titled “Corporate Data: A Protected Asset or a Ticking Time Bomb?,” showed that employees with excessive data access privileges represent a growing risk to organizations.

However, study researchers also found that despite this danger, many organizations provide unlimited corporate data access to the majority of their employees.

“Data breaches are rampant and increasing. The sheer growth of both digital information and our dependence on it can overwhelm organizations’ attempts to protect their sensitive data,” Dr. Larry Ponemon, founder of the Ponemon Institute, said in a prepared statement. “This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences.”

Study results included:

  • 76 percent of end users said they believe there are times when it is acceptable to transfer work documents to their personal devices.

  • 73 percent of end users said they believe the growth of emails, presentations, multimedia files and other types of company data has very significantly or significantly affected their ability to find and access data.

  • 71 percent of end users said they have access to sensitive corporate data.

  • 60 percent of IT practitioners said they believe it is very difficult or difficult for employees to search and find company data or files they or their co-workers have created that are not stored on their own computers.

  • 48 percent of IT practitioners said they either permit end users to use public cloud file sync services or permission to use these services is not required.

The Ponemon Institute study, sponsored by enterprise corporate data software company Varonis Systems (VRNS), included responses from 2,276 employees worldwide.

What can MSPs learn from this study?

Varonis CEO Yaki Faitelson pointed out that the study revealed corporate data access controls and auditing can have far-flung effects on managed service providers (MSPs), their employees and their customers.

“These findings should be a wake-up call to any organization that stores information about its customers, employees or business partners,” he said. “There has been so much focus and investment on protecting the perimeter, but the most fundamental building blocks of security that protect the data inside – access controls and auditing – are often left behind.”

Study researchers also noted creating policies and procedures that highlight the importance of corporate data protection can help MSPs avoid IT security issues.

“Inconsistent messages about productivity and the importance of information security cause confusion among employees as to what their responsibilities are in protecting company data,” researchers wrote in their report. “An organization with a lack of controls and oversight is fertile ground for attacks by or through insiders.”

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].

About the Author

Dan Kobialka

Contributing writer, Penton Technology

Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).  

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like