IT firms report widespread data risks

Daily news headlines

WALTHAM, MA & TRAVERSE, MI – IT providers are not being given enough information to mitigate the data risks of their clients, says a new study by data research institute Ponemon commissioned by governance software firm Aveksa.

The study, The 2008 National Survey on Access Governance, questioned 700 US IT practitioners on their information management relationships with their clients – the two largest employers being the financial services industry (21%) and government institutions (18%).

The survey says 78% of respondents thought employees are granted access to data for which they have no need, with inadequate tools in place to inform and update IT providers of employees’ specific and often evolving responsibilities.

“The IT security organisations are judged on how quickly they deliver access. There’s no automated process to engage a business unit to regularly review users’ access to different information resources. They’re using a manual approach – spreadsheets and email – and it is very inefficient,” says Brian Cleary, Aveksa’s vice-president of marketing.

IT practitioners cannot easily automate policy enforcement and require collaboration to understand what information is relevant for user access. It is not the job of a bank’s IT team to understand what information is pertinent for a retail teller’s role, says Cleary.

“They are not regulatory compliance experts. They need audit, risk and compliance to create a better collaborative framework for governing access.”

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: