STAMFORD, CT – March 03, 2005 – Findings from a recent poll conducted by Protegrity Corporation, the leading innovator for data security management, show 92% of technical and security professionals are “concerned” about their companies’ current ability to pass compliance audits for data security. The poll found that the same professionals also lack confidence that their companies will be able to meet future compliance requirements – which will likely be much more stringent than those currently in effect. Seventy-five percent of respondents are “concerned” that their companies’ will not successfully comply with future security requirements.
“The news of the last few weeks has been a very public demonstration of the business risks associated with ineffective data security policies and the costs – both in dollars and brand damage – of not meeting compliance requirements,” said Gordon Rapkin, President and CEO of Protegrity. “Our recent poll shows that most technical and security professionals suspect that their own companies could be vulnerable to similar situations in the event of a security breach. The regulations set the minimum bar, and not the recognized best practices. However this poll shows most organizations have not even complied with the minimum level of protection and certainly have not gone so far as to encrypt sensitive information.”
An earlier Protegrity poll showed that while 52% of companies placed database security as their top security priority, over 70% of the companies had in fact spent their security budgets solely on perimeter security and only 7% had actually invested in database security. According to Rapkin, this is a major disconnect in security investments, and has left most corporate databases highly vulnerable to internal and external threats, thus exposing customer data to theft and abuse.
Organizations should make reasonable plans and measured progress toward implementing appropriate controls at the database level,” said Charlie Garry, Vice President and Director of Meta Group and author of “Data Privacy and Compliance: The Reasonable Man Test.” “The encryption of data within the database is becoming a reasonable step to take and one that organizations should consider in their security strategies.”
Security regulations impact a wide range of businesses – from healthcare to retailers to financial services companies – and impose stiff penalties for companies that do not adhere to requirements or which have reported security breaches. Regulations such as HIPAA, the Gramm-Leach-Bliley Act, Sarbanes-Oxley, Visa’s Cardholder Information Security Program (CISP), Master Card’s Site Data Program, and California SB 1386 have been implemented in order to safeguard sensitive investor and consumer information from malicious use. By defining reasonable security standards, these regulations also increase the risk of liability lawsuits for companies not adopting best-practice security precautions.
Protegrity’s polls of technical and security professionals were conducted in conjunction with the company’s Security Fundamentals webcast series, designed to educate technology professionals and security executives on the latest business and technology issues surrounding data security. To access archived webcasts and other information on approaches to data security, go to www.protegrity.com.
About Protegrity
Protegrity Corporation is the leading innovator of data security management. The company’s flagship product, Secure.Data, enables companies to deploy comprehensive security policies that empower management to confidently take responsibility of their sensitive data. With Secure.Data, businesses can mitigate corporate risk and assure compliance with regulatory obligations. Protegrity’s solutions are platform independent and are designed to protect information wherever it resides in today’s highly distributed computing environments.
For more than eight years, Protegrity’s award-winning technology has helped more than 60 customers, including many of the Fortune 100, address and resolve critical security challenges. Protegrity invented the core technology used for data-level encryption and owns key patents for database security and protection. For more information, visit www.protegrity.com.
Secure.Data is a trademark of Protegrity Corporation. All other trademarks are the property of their respective owners.
Please direct all press inquiries to:
Paul Giardina
Protegrity Corporation
1.203.326.7200 x1004
paul.giardina@protegrity.com
Steven Blinn
BlinnPR
212-675-4777
steven@blinnpr.com
