Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Accenture Outlook How Secure is Data IT

Accenture Outlook How Secure is Data IT

Ratings: (0)|Views: 50 |Likes:
Published by Accenture

More info:

Published by: Accenture on Feb 23, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Information Technology
How secure is your confidential data?
By Alastair MacWillson
A company’s approach to data protection and privacy should bemore than legally compliant. It must be a core part of both theorganization’s business value proposition and its culture, as wellas global in scope. Here’s how it’s done.
The journal o high-perormance business
This article appears inthe February 2010 issue of 
Outlook 2010
Number 1
Data protection has quietly passeda tipping point. Although someleading organizations—especiallyin Europe and North America—havemade signifcant strides in securingsensitive data, many other enter-prises are slowly awakening to thereality that they are lagging in their data protection eorts.Confdential data—including custom-er inormation, business plans andfnancials—has become one o everyorganization’s most important assets. Yet technology advancements, newbusiness models and increasinglysophisticated and globally intercon-nected business processes have out-paced not only regulations designedto ensure the privacy and protectiono personal and other data but alsomany organizations’ own ability toeectively secure sensitive businessinormation.The resulting shortcomings, incritical areas ranging rom em-ployee training to technologyinrastructure, have made orga-nizations in both the private andpublic sectors extremely vulner-able to security breaches and themisuse o sensitive data, even asawareness o data privacy and pro-tection issues has increased amongbusiness leaders, regulators andconsumers. And there’s more atstake or these organizations thanregulatory fnes; as several high-profle data breaches over the pastew years have shown, reputationsand businesses can be ruined byinadvertent disclosures o custom-er or other confdential data. As the volume o data businessescollect, store and analyze increasesexponentially, many executiveteams fnd themselves in a precari-ous position: They can no longer assure customers that their personalinormation is sae rom misuse.“No matter how good a company is[at protecting data], there’s always apossibility that inormation will leakout,” says Larry Ponemon, chairmanand ounder o the Ponemon Insti-tute, a US privacy and inormationsecurity research group. “Companiescan never say the data they collectabout you is perectly secure. Butthey can be good at managing or mitigating the risk.”
Intentions versus reality
Given the importance o the issue, Accenture set out to study the cur-rent state o corporate data protectionand privacy. In two separate globalsurveys, we polled 5,500 businessleaders and more than 15,000 adultconsumers in 19 countries. Our objective was to understand howperceptions about data protection andprivacy—rom both business leadersand individuals—inorm and inu-ence data protection practices. Our research revealed important fndingsin fve key areas.
1. Trust
There is a notable difference between organizations’ intentions regardingdata privacy and how they actually protect it. This discrepancy createsan uneven trust landscape, which makes it particularly difcult for thosedoing business to trust that their data is being used by their counterpartiesin accordance with their expectations.
 Although approximately 70 percento business respondents in our survey agreed that organizationshave an obligation to take reason-able steps to secure consumers’personal inormation, there wereseveral inconsistencies in their stated obligations about doing so.
Outlook 2010
Number 1
with inadequate privacy laws, andprevent cyber crimes against con-sumers and data loss or thet.There are several possible expla-nations or this inconsistency,including industry dierencesin the approach to data protection,cultural or regional dierences,the lack o organizational account-ability or security policy, and theact that some companies ocuson meeting compliance targetsrather than on orchestrating acomprehensive data protection andprivacy program.For example, 45 percent o thebusiness respondents were unsureabout or actively disagreed withgranting customers the right tocontrol the type o inormationthat is collected about them, while47 percent were unsure about or disagreed with customers having aright to control how this inorma-tion is used. Nearly hal did notbelieve it was important to limit thecollection and sharing o sensitivepersonal customer inormation,protect consumer privacy rights,prevent cross-border transers o personal inormation to countries
2. Accountability
A majority of companies have lost sensitive personal information,the biggest causes of which are internal errors and other things thecompany could potentially control. This suggests that accountabilityfor and ownership of sensitive data are not being properly addressedin many organizations.
In one case, a mobile phone opera-tor lost a disk containing data on17 million customers; in another,a European government’s nationaltax ofce mistakenly sent out CDscontaining confdential inormationabout nearly 4 million people tothe country’s newspapers, radiostations and television stations.There are several contributingactors to these internal vulner-abilities, none o them outwardlymalicious but all o them troubling.They include insufcient training,inadequate controls and incompletemapping o internal data ows (seesidebar, page 5).Ongoing innovation in areas such asdata storage and mobility are com-pounding the challenge. Portabledevices are getting smaller, can holdmore data, and can seamlessly con-nect to servers, networks and other portable devices, literally puttingmore power—and more data—into thehands o individual users.Fity-eight percent o businessrespondents said their companyhad lost sensitive personal inor-mation, and nearly 60 percent o those who’d had a breach said thatdata loss is a recurring problem.Thirty-one percent o those busi-nesses said they’d had three or more instances o data loss in theprevious 24 months. Among these companies, the biggestcauses o data loss are internal—problems presumably well withintheir ability to detect and correct.Business or system ailure (57 per-cent) or employee negligence or errors(48 percent) were cited most otenas the source o the breaches; cyber crime was cited as a cause o only18 percent o the security breaches.These fndings belie commonassumptions that external orcesare the biggest threats to privacyand security. But they are con-sistent with reports o major breaches caused by employee error.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->