The New Security Landscape

Alarming Research

According to the 2010 Annual Study: U.S. Cost of a Data Breach by Poneman Institute, a Michigan-based research center that studies privacy, data protection and information security policy, security breaches cost $214 per compromised record and average $7.2 million per data breach event.

A data security breach could lead to considerable fines and penalties – over $200 per record, averaging over $6.5 million per data breach. It also can lead to negative publicity and irreparable damage to your reputation.

A survey in the Financial Times reported that 2010 was the first year the value of digital assets stolen exceeded the value of physical assets. The Ponemon Institute cited the financial industry with one of the highest average per-record costs to repair a compromised record at $353. And, the Identity Theft Resource Center Breach List indicated over 16 million reported exposed records in 2010 with 62% reporting exposure of Social Security Numbers.

The Impact of Security

There are over 100 different regulations pertaining to data protection and security. Major regulations, mandates, and security standards such as PCI DSS, HIPAA, HITECH Act, OMB M-06-16, and FIPS 140 have caused organizations to become actively engaged in finding a security solution. Internal policies, industry mandates, and government regulations demand strong protection of sensitive data. Non-compliance results in considerable fines and penalties.

Today’s computing environment involves a wide variety of computing platforms and operating systems, making file exchange with external partners and customers problematic. Threats to security spark concerns of more costs, use of resources, and disruption to existing processes. Then, try to convince business partners to adopt your security policies…a daunting task.

Your extended enterprises, partner networks and virtual machines may be continuously scrutinized for compliance. All sensitive data must be protected with appropriate measures. Various organizations within any partner network will inevitably employ different security methods and policies. It is typically a cumbersome process to gain the cooperation of all affiliates within a group to ensure exchanged data remains secure.

Originators of security initiatives often find that their efforts are met with much scrutiny, even outright disregard, as partner enterprises can be less willing to invest time, budget and oversight to protect information. In response, Originators assume the burden of proof in an effort to convince partners that added security will not hamper productivity or increase IT complexity.