Some 80 per cent of IT professionals do not know how much of their organizations’ regulated data is stored on cloud file sharing services or mobile devices – creating significant risk and compliance issues.
That is the finding of the Ponemon Institute’s 2013 The Risk of Regulated Data on Mobile Devices study.
The report focuses on the risks associated with employee access to regulated data, such as protected health and financial information, via company or personal mobile devices and how this affects a business’ ability to comply with privacy and data protection laws.
The research found that more than 80 per cent of the 798 IT professionals surveyed did not know how much of their organizations’ regulated data is stored on cloud file sharing services or mobile devices.
Most organizations also had weak controls in place to protect regulated data on mobile devices, with 73 percent relying on manual policies and few utilizing mobile device management (12 percent), mobile digital rights management (6 percent) or mobile application management (4 percent) tools.
The study also highlighted substantial compliance gaps. For example, 67 percent of respondents said their organizations must comply with US and state privacy and data breach laws.
However, only 18 per cent are aware that these laws specify the protection of regulated data on mobile devices, including employees’ personal devices used for work purposes.
On average, organizations represented in the study experienced almost five mobile device-related data loss incidents in the past two years, resulting in the breach of an estimated 6,000 individual records.
The Ponemon Institute survey results also state that regulated data on mobile devices and in the cloud is at risk because organizations do not know how much regulated data is on mobile devices used by employees or transferred to cloud-based file sharing applications and fail to prevent employees from accessing regulated data using unsecured mobile devices.
“Regulated data isn’t subject to a lower standard of protection just because it ends up on a mobile device,” said Ryan Kalember, chief product officer at WatchDox, who sponsored the study. “This study clearly shows that IT departments must understand the risks and be more proactive to accommodate mobile productivity while still protecting the organization’s data.”
mobile, concern, IT, controls, data
