Last month, I reported that many companies are struggling to keep pace with the compliance and risk policies necessary for effective social media governance.
Now, HP has released new global research indicating that organizations also face increased threats from an even more fundamental policy and procedures issue: poor control and oversight of sensitive and confidential workplace data.
According to the new study conducted by the Ponemon Institute, many companies say they have well-defined policies for individuals with privileged access rights to specific IT systems. However, almost 40 percent were unsure about enterprise-wide visibility into specific rights, or whether those with privileged access rights met compliance policies.
The survey, which focused on more than 5,000 IT operations and security managers across the US, the UK, Australia, Brazil, France, Germany, Hong Kong, India, Italy, Japan, Korea, Singapore and Spain, also found that:
More than half (52 percent) feel they are at least "likely" to be provided with access to restricted, confidential information beyond the requirements of their position.
More than 60 percent reported that privileged users access sensitive or confidential data out of curiosity, not job function.
The potential for privileged access abuse varies from country to country, with France, Hong Kong and Italy having the greatest potential, and Germany, Japan and Singapore having the least.
Customer information and general business data are at the highest risk, and the most threatened applications include mobile, social media and business-unit-specific applications.
"This study spotlights risks that organizations don't view with the same tenacity as critical patches, perimeter defense and other security issues, yet it represents a major access point to sensitive information," said Tom Reilly, vice president and general manager, Enterprise Security Products, HP. "The results clearly emphasize the need for better access policy management, as well as advanced security intelligence solutions, such as identity and privileged user context, to improve core security monitoring."
More details from the study, titled "The Insecurity of Privileged Users," are available in this press release from HP.