Ward Solutions’ survey finds that organisations consider cloud storage to be the safest way to store data, yet nearly a fifth admit to not knowing where their data is.
Earlier this month, Ward Solutions revealed the results of its 2016 Data Protection and Compliance survey, which was conducted in association with TechPro magazine. The results were eye-opening, revealing that almost half of Irish businesses would not disclose an incident of data breach to impacted third parties such as customers and suppliers. What’s more, 33% stated that they had suffered a data breach in the past 12 months, a statistic which suggests that almost half of businesses have failed to notify affected third parties of incidents of cybercrime.
As well as looking at cybercrime, the survey also investigated trends in data storage, asking IT professionals whether they were more or less concerned about data that was being stored in-cloud or in third party premises, or that held on their own premises. More than 60% of respondents stated that they believed cloud storage to be equally safe or safer than on premise storage. This response reflects Ward Solutions’ experience increasing acceptance and adoption of cloud storage among customers as a viable alternative to on premise storage. Due to the increasingly systemic approach to risk assessment and increased due diligence of many organisations when it comes to cloud solutions, cloud services can be at least as secure as on premise, if not more so.
Despite this, many organisations admit to being unaware of where their data is located, with nearly a fifth (18.8%) stating that they were not at all confident or that they did not know where their data was. Ward’s due diligence investigations of data processing supply chains reflect this lack of awareness. Despite assurances regarding data location and handling from organisations at the higher levels in the supply chain, weak application of processes and controls or lack of visibility and understanding of data processing and handling by sub suppliers can lead to data being left vulnerable to attack or theft.
In order to maintain the security of data in the supply chain it is important to conduct security compliance audits on an ongoing basis. Since third party access to data typically presents a higher risk than own staff access, the verification of the application of processes and controls is important to manage this risk. What’s more, Ward has noted the emergence, particularly in the last 12 months, at enterprise B2B level, of onerous supply chain due diligence and contracting. This suggests that organisations that currently don’t conduct audits of third party access to data will need to change rapidly if they plan on continuing to do business with these enterprise customers.
Ward’s view is that, in the next 24 months, most organisations planning on doing business at enterprise B2B level will need to display ISO 27001 certification in order to be selected or re-validated as a supplier. As well as this, the recent appointments at GCIO level mean that similar procedures may be implemented at public sector and government level in the not-so-distant future.
To find out more about Ward Solutions’ 2016 Information Security Survey read our blog on the results. To learn more about Ward Solutions’ ISO 27001 accreditation consultancy offerings visit https://www.ward.ie/ or call +353 1 6420100.