The average compliance cost of unstructured data varies with the size of the organization. Companies with fewer than 5,000 employees have an average compliance cost of $1.23 million, while companies with more than 75,000 employees have an average compliance cost of $2.71 million, indicating that smaller businesses pay six times more per employee than larger businesses, according to the report.
Heavily regulated industries, such as financial services, pharmaceuticals, communications, and healthcare, have a higher average compliance cost, incurring an average of $2.5 million annually, according to a review of 94 large US firms.
Ponemon breaks down compliance costs into the following activities: access governance, configuration management, assessment and audit, policy management, e-discovery, monitoring and scanning, backup and disaster recovery, specialized equipment costs, and specialized software costs.
A number of these activities include implementation of information security policies and regulations. For example, “access governance” includes costs associated with identity, authentication, provisioning, and access rights, which all have an information security component.
“Assessment and audit” includes compliance costs associated with review, evaluation, and verification of data storage based on the organization’s data security requirements, including regulatory compliance audits. “Policy management” includes costs associated with development, implementation, and enforcement of a company’s data storage policies, including those specified by laws and regulations. E-discovery involves the costs associated with discovery of electronic documents for litigation, data breach investigation, and compliance with the Health Insurance Portability and Accountability Act privacy rules.
The most expensive compliance costs associated with the storage of unstructured data are e-discovery, access governance, and internal auditing activities. Together, these activities cost businesses over $1.9 million on average annually.
Novell provides a file management suite that enables companies to automate file management based on identity, explained Sophia Germanides, product market manager at Novell.
“We have a solution that ties file storage to user identity, which is important to the business because when an internal or compliance audit comes down to find where breaches are…all you really care about is the ‘who’. It doesn't matter what size the file is; it doesn’t matter what type the file is”, Germanides told Infosecurity.
“On the security side, policies are where you start. The problem with file storage is that the policy may exist in the help desk or in a manual, but it requires a lot of manual processes to enact that policy, whether you are talking about end users or IT. The reality is file storage management is an incredibly manual process, from provisioning a new user to what happens to all his data when the user leaves the company. A lot of companies abandon that information because they do not have an automated way to secure that data”, Germanides said.