Here’s a surprise: The uncertainty about the location of sensitive and confidential data is more of a worry than a hacker or malicious employee.
We surveyed 1,587 Global IT and IT security practitioners in 16 countries (the research was sponsored by Informatica). A list of participating countries is presented in the appendix of this report. To ensure a knowledgeable and quality
response, only IT practitioners whose job involves the protection of sensitive or confidential structured and unstructured data were allowed to participate.
For purposes of this research, datacentric security assigns a data security policy at creation and
follows the data wherever it gets replicated, copied or integrated—independent of technology
platform, geography or hosting platform. Data centric security includes technologies such as data masking, encryption, tokenization and database activity monitoring. This research reveals,
however, that automated solutions would help improve an organization’s compliance and data
Key findings of this research:
1. Data in the dark keeps IT practitioners up at night. Fifty-seven percent of respondents say
not knowing where the organization¡¦s sensitive or confidential data is located keeps them up
at night. This is followed by 51 percent who say migration to new mobile platforms is a
2. Sensitive or confidential data is often invisible to IT security. Only 16 percent of the
respondents believe they know where all sensitive structured data is located and a very small
percentage (7 percent) know where unstructured data resides.
3. Organizations mainly rely upon the classification of sensitive data to safeguard data
assets. The two most popular technologies for structured data are sensitive data
classification and application-level access controls. Only 19 percent say their organizations
use centralized access control management and entitlements and 14 percent use file system
and access audits.
4. Automated sensitive data-discovery solutions are believed to reduce the risk to data
and increase security effectiveness. Despite the positive perception about automated
solutions, 60 percent of respondents say they are not using automated solutions to discover
where sensitive or confidential data is located. Of the 40 percent of respondents who say
their organizations use automated solutions, 64 percent say they use it for discovering where
sensitive or confidential data are located in databases and enterprise applications. Only 22
percent use it to discover data in files and emails.
5. Specific automated solutions would improve the organization’s compliance and data protection posture. The most popular capabilities are automated user access history with real-time monitoring followed by policy workflow automation.