A new survey conducted by Forrester Consulting on behalf of Microsoft and RSA, the security unit of EMC, suggests that while companies are doing a pretty good job when it comes to securing customer information, many of them have forgotten to sufficiently secure their own intellectual property.
The survey of 305 IT decision makers at companies worldwide with 5,000 or more employees finds that most companies spend 80 percent of their security budgets on data-compliance issues related to "custodial data" and intellectual property. But while intellectual property is much more valuable than the custodial data, customers spend equal amounts of their budget -- roughly 40 percent each -- on both types of data.
Sam Curry, RSA chief technology officer for marketing, argues that companies need to spend a greater percentage of their security budgets on securing intellectual property because the potential impact of having that data stolen is 10 times greater than the theft of custodial data. He says companies need to find a more effective approach to extend security polices across both custodial data and crucial intellectual property. In effect, companies need to right-size their security investments to meet their actual risks.
The study finds that the loss of data by employees is seen as the primary threat to data security. But Curry likens that loss to losing your wallet: The fact that it is lost does not mean that it's in the hands of a criminal. Theft of intellectual property, on the other hand, seriously harms the business. He says companies need to stop treating all data equally when assessing the potential risk to the business.
J.G. Chirapurath, senior director of the Identity and Security Business Group for Microsoft, said Microsoft opted to fund this study as part of an ongoing effort to work with partners such as RSA on more comprehensive approaches to security. That approach, he added, reflects a more mature approach to data security that customers are demanding from Microsoft and its partners,