The average compliance cost of unstructured data varies with the size of the organization. Companies with fewer than 5,000 employees have an average compliance cost of $1.23 million, while companies with more than 75,000 employees have an average compliance cost of $2.71 million, indicating that smaller businesses pay six times more per employee than larger businesses, according to the report.
Heavily regulated industries, such as financial services, pharmaceuticals, communications, and healthcare, have higher average compliance costs, incurring an average of $2.5 million annually, according to a review of 94 large US firms.
Ponemon breaks down compliance costs into the following activities: access governance, configuration management, assessment and audit, policy management, e-discovery, monitoring and scanning, backup and disaster recovery, specialized equipment cost, and specialized software costs.
A number of these activities include implementation of information security policies and regulations. For example, “access governance” includes cost associated with identity, authentication, provisioning, and access rights, which all have an information security component.
“Assessment and audit” includes compliance cost associated with review, evaluation, and verification of data storage based on the organization’s data security requirements, including regulatory compliance audits. “Policy management” includes cost associated with development, implementation, and enforcement of a company’s data storage policies, including those specified by laws and regulations. E-discovery involves the cost associated with discovery of electronic documents for litigation, data breach investigation, and compliance with the Health Insurance Portability and Accountability Act privacy rules.
The most expensive compliance costs associated with the storage of unstructured data are e-discovery, access governance, and internal auditing activities. Together, these activities cost businesses over $1.9 million on average annually.
Novell provides a file management suite that enables companies to automate file management based on identity, explained Sophia Germanides, product market manager at Novell.
“We have a solution that ties file storage to user identity, which is important to the business because when an internal or compliance audit comes down to find where breaches are…all you really care about is the ‘who’. It doesn't matter what size the file is; it doesn’t matter what type the file is”, Germanides told Infosecurity.
“On the security side, policies are where you start. The problem with file storage is that the policy may exist in the help desk or in a manual, but it requires a lot of manual processes to enact that policy, whether you are talking about end users or IT. The reality is file storage management is an incredibly manual process, from provisioning a new user to what happens to all his data when the user leaves the company. A lot of companies abandon that information because they do not have an automated way to secure that data”, Germanides said.
Comments
Chris Sullivan, Courion says:
01 July 2011
The management of unstructured data within enterprises is an issue that has traditionally been swept under the rug. Courion is happy to see that the industry is beginning to recognize what a massive problem area this represents, and that there are actually solutions that address it. Getting a handle on which users are accessing which file shares, and what data is actually stored there requires a measured risk management approach that combines a comprehensive set of preventive and detective controls. Ensuring that user access to file shares and other unstructured data stores is aligned with corporate security policies and industry regulations is hugely important, and enterprises need solutions that can help them identify and focus on the locations of file shares that present the highest degree of risk, and then indicate whether the access to these high risk shares is appropriate. Luckily, there are advanced solutions like Courion’s Compliance Manager for File Shares that work with tremendous efficiency to give organizations like HCR ManorCare control over this often daunting process. – Chris Sullivan, VP of Courion Labs, Courion Corporation