IT firms report widespread data risks
Firms are offloading data risk to IT providers, according to a new survey by data research institute Ponemon and governance software provider Aveksa
WALTHAM, MA & TRAVERSE, MI – IT providers are not being given enough information to mitigate the data risks of their clients, says a new study by data research institute Ponemon commissioned by governance software firm Aveksa.
The study, The 2008 National Survey on Access Governance, questioned 700 US IT practitioners on their information management relationships with their clients – the two largest employers being the financial services industry (21%) and government institutions (18%).
The survey says 78% of respondents thought employees are granted access to data for which they have no need, with inadequate tools in place to inform and update IT providers of employees’ specific and often evolving responsibilities.
“The IT security organisations are judged on how quickly they deliver access. There’s no automated process to engage a business unit to regularly review users’ access to different information resources. They’re using a manual approach – spreadsheets and email – and it is very inefficient,” says Brian Cleary, Aveksa’s vice-president of marketing.
IT practitioners cannot easily automate policy enforcement and require collaboration to understand what information is relevant for user access. It is not the job of a bank’s IT team to understand what information is pertinent for a retail teller’s role, says Cleary.
“They are not regulatory compliance experts. They need audit, risk and compliance to create a better collaborative framework for governing access.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@risk.net
More on Regulation
One year on, regulators still want a cure for bank runs
Broad support for higher outflow assumptions on uninsured deposits, but that won’t save insolvent banks
Watchlist and adverse media monitoring solutions 2024: market update and vendor landscape
This Chartis report updates Watchlist monitoring solutions 2022 and focuses on solutions for sanctions (name and transaction) screening and monitoring adverse media and its related elements
Basel Committee reviewing design of liquidity ratios
Focus on LCR and NSFR after Silicon Valley Bank and Credit Suisse, but assumptions may not change
Risk, portfolio margin, regulation: regtech to the rescue
A white paper outlining the complexity of setting the course for risk, margin and regulation
Prop shops recoil from EU’s ‘ill-fitting’ capital regime
Large proprietary trading firms complain they are subject to hand-me-down rules originally designed for banks
Revealed: the three EU banks applying for IMA approval
BNP Paribas, Deutsche Bank and Intesa Sanpaolo ask ECB to use internal models for FRTB
FCA presses UK non-banks to put their affairs in order
Greater scrutiny of wind-down plans by regulator could alter capital and liquidity requirements
Industry calls for major rethink of Basel III rules
Isda AGM: Divergence on implementation suggests rules could be flawed, bankers say
Most read
- Basel Committee reviewing design of liquidity ratios
- Breaking out of the cells: banks’ long goodbye to spreadsheets
- Too soon to say good riddance to banks’ public enemy number one