Varonis Report Identifies Widespread Shortcomings of Organizational Data Security Despite Increased Pressure of Regulations
Varonis reports that even after GDPR, businesses are still failing to effectively protect sensitive data. The report investigated Data Risk Assessments performed in over 30 countries, across over 30 industries. GDPR has been in full effect for over a year, but many organizations are still struggling to comply with its requirement to adequately protect sensitive data. The Varonis report highlights that 53% of companies found over 1,000 sensitive files accessible to all employees, and that 22% of folders were open to every employee. On top of that, over 58% of organizations found more than 1,000 stale user accounts, and on average 53% of data was stale across the organizations studied. In fact, 71% of organizations found over 5,000 stale, sensitive files.
Organizations need to take a strict approach to data privacy. Based on the findings of the report, it is evident that many organizations need to implement more appropriate measures to limit internal access to sensitive and regulated data. Regular audits and reviews of file servers, checking whether each access group is still appropriate for the data it can reach, are a must for any organization aiming to comply with regulations like GDPR or CCPA.
The prevalence of stale data is a concerning statistic. By keeping sensitive files past their mandatory retention period, organizations are introducing additional, unnecessary risk. To address this, organizations are encouraged to implement Privacy by Design practices by minimizing the amount of sensitive data that is collected, accessible, and retained. Once it is no longer needed, stale data should be archived or deleted.
Organizations must not only focus on keeping attackers out, but also on securing data internally. Preventative controls, such as encryption, can work in tandem with stricter access controls to help organizations reach compliance with new and existing privacy regulations.