Safe door

Firms must face third-party security risks

Most organisations are in denial about the security risks of sharing data with partners, says Ernst & Young

Written by Phil Muncaster

IT Week, 16 Nov 2006

Over half of organisations are failing to manage the risks of sharing data with third parties, although many are now investing in securing the capture and storage of sensitive data, according to a new global survey by consultancy Ernst & Young.

The firm's Global Information Security Survey of 1,200 public and private sector organisations in nearly 50 countries found that more than three-quarters cited privacy and data protection as a significant issue; with 52 percent addressing privacy and data protection with formal procedures.

"It's been an issue for years but it has been done in an ad-hoc way through point solutions," explained the firm's UK head of Technology and Security Risk Services, Richard Brown. "But now consumers are being more savvy in that area, and organisations are getting on top of segregation of duties and securing data. "

He added that although many firms are now taking "a good solid risk management approach" to data security, it is becomingly increasingly important to have disaster recovery processes underpinning that. But only half of respondents said they actually tested their plans while only 46 percent said they have communication strategies in place.

Another major finding of the survey was the lack of formal agreements with third-party suppliers for secure data sharing in just over half of firms. Brown argued that this is because contracts are often set up without the input of the CIO, who should enforce compliance with corporate standards over data security.

Donald Massaro, chief executive of secure messaging specialist Sendmail, agreed that firms are now taking data security a lot more seriously, driven by compliance with new legislation and high profile data breaches.

"It has reached a tipping point in the States and the Californian [data breach notification] law has put some teeth on it," he explained. "Also, if you lose intellectual property that is violating Sarbanes Oxley; it's all high visibility stuff which has the attention of [top-level executives] and it's moving over into Europe."

Tags:

reader comments

related articles

Firms failing on data sharing

Firms are acting to secure sensitive data, but third party risks remain 14 Nov 2006

 

Data privacy in spotlight after European ruling on flight data

A new deal is needed to allow EU states to provide passenger information to the US 01 Jun 2006

Data theft by employees 'commonplace'

No qualms about copying the customer database, says report 29 Sep 2006

ICO

Information Commissioner says database threatens way of life

Calls for public debate about Government plans 16 Jul 2008

Government assesses security procedures in light of data breach

Information Commissioner’s Office given power to carry out spot checks on government departments 23 Nov 2007

HMRC leak raises prospect of new data rules

Will the loss of two CD-roms make the government overhaul its security procedures? 22 Nov 2007

today's top stories

Internet

Analysis: Will IE8 cause more problems than it solves?

Microsoft's new browser may lead to compatibility issues and affect online advertising 29 Aug 2008

Management

CIO morale plummets as crunch hits

Fewer opportunities and less responsibility depress IT managers 27 Aug 2008

Software

The pIT stop Q&A: Should packaged software users adopt SOA?

Our expert panel answer readers' questions 29 Aug 2008

Management

Computing podcast 28 August 2008

CIO job satisfaction plummets, and why schools' IT spending is set to top £1bn 28 Aug 2008

Communications

The definitive guide to collaboration

Five key technologies and five best practice tips to improve your collaborative IT 28 Aug 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
  • You set the job criteria
  • You set the freqency
Sign up here

Find your next job here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Would you recruit a student with an IT degree?

Would you recruit a student with an IT degree?

As IT student numbers plummet - would you recruit an IT graduate?

Previous poll results

> More polls

Latest audio and video articles

A stressed CIOAudio

Computing podcast 28 August 2008

CIO job satisfaction plummets, and why schools' IT spending is set to top £1bn 28 Aug 2008

Bryan Glick video whiteboardVideo

The definitive guide to collaboration

Five key technologies and five best practice tips to improve your collaborative IT 28 Aug 2008

> More audio and video

Latest in-depth articles

Myron HrycykAnalysis

General management skills are now as important as technical ability

A selection of leading chief information officers talk about what they see as the most important aspects of the role 28 Aug 2008

Internet Explorer logoAnalysis

Analysis: Will IE8 cause more problems than it solves?

Microsoft's new browser may lead to compatibility issues and affect online advertising 29 Aug 2008

> More in depth articles

Primary Navigation