A new report by Forrester Research, commissioned by Microsoft and RSA, the security division of EMC, found that even though corporate intellectual property comprises 62 percent of a given company's data assets, security programs are focused on compliance rather than data protection.
The report highlights a number of key findings, that provide a number of things to think about if you are remotely involved in the security of corporate data:
Secrets comprise two-thirds of the value of firms' information portfolios Compliance, not security, drives security budgets Firms focus on preventing accidents, but theft is where the money is The more valuable a firm's information, the more incidents it will have CISOs do not know how effective their security controls actually are
According to Forrester, corporate security programs are typically divided into two main categories of data types to protect: secrets and custodial data.
Secrets--that can confer long-term competitive advantage such as product plans, earnings forecasts, and trade secrets.
Secrets refer to information that the enterprise creates and wishes to keep under wraps. Secrets tend to be messily and abstractly described in Word documents, embedded in presentations, and enshrined in application-specific formats like CAD.
Custodial data--which includes customer, medical, and payment card information that becomes "toxic" when spilled or stolen.
Custodial data has little intrinsic value in and of itself. But when it is obtained by an unauthorized party, misused, lost, or stolen, it changes state. Data that is ordinarily benign transforms into something harmful. When custodial data is spilled, it becomes "toxic" and poisons the enterprise's air in terms of press headlines, fines, and customer complaints. Outsiders, such as organized criminals, value custodial data because they can make money with it. Custodial data also accrues indirect value to the enterprise based on the costs of fines, lawsuits, and adverse publicity.
Forrester notes that while toxic data spills are both dramatic and expensive, secrets are actually much more valuable and are an "underappreciated and underprotected information asset." … Read more