Confidential Documents
Confidential documents routinely fall into the wrong hands in a variety of ways. Intentional data theft from either inside or outside the company is an all-too-frequent occurrence. Malicious intention is not always the culprit, however. Unintentional breaches happen as well, due to poor data security measures, human error, or both. The imperative of “getting the job done” compels individuals to forward business-sensitive information, whether or not airtight security measures are in place. Regardless, the costs associated with data security breaches can be enormous.
Forrester Research recently estimated that a security breach can cost anywhere between $90 and $305 per record. That means that the cost of a single, significant breach may run into millions or even billions of dollars. The research firm surveyed 28 companies that had recent data breaches. Hard costs cited included outside legal fees, notification costs, response costs, lost employee productivity, marketing and PR costs, and discounted product offers. Other significant hard costs Forrester warned of that were not part of the estimate included regulatory fines, restitution fees, and additional security and audit costs.
There are significant non-quantifiable costs to a company whenever a data breach occurs, including inadvertent disclosure of key assets, potential loss of customers, negative impact to the stock price, shareholder lawsuits, unfavorable press, and more. These costs can be even more detrimental than hard costs, given their implications, and can eventually run into the tens of millions of dollars.
The Cost of Non-Compliance
Today’s organizations are required to meet stringent corporate governance and compliance requirements, or pay a high price. Recent regulations such as Payment Card Industry (PCI), electronic access of patient information (HIPAA), and the newly amended E-Discovery rules (Rule 26 of the Federal Rules of Civil Procedure (FRCP) underscore the fact that airtight data security is critical in today’s highly regulated business environment. Moreover, regulations such as the Sarbanes-Oxley Act (SOX) now require a fully documented information flow for critical corporate information, creating a need for tamper-proof and persistent audit trails.
Protection of Confidential Documents: More Critical Than Ever
Today, more widely dispersed executives and employees are collaborating, accessing, and sharing important, sensitive corporate information beyond the brick-and-mortar walls of the company, driving the need to share confidential information securely. Business processes within an organization that require safe sharing of highly sensitive information include executive-level information sharing, finance, human resources, and research and development, to name just a few.
Increasingly, these business processes extend across the corporate firewall to external partners, contractors, and other outside professionals who need access to confidential documents. For example, many contributors are involved in preparing documents for executive board meetings, and seamless collaboration of remote team members must be ensured. Distribution of information to members of an executive board is often costly and time consuming, and most of all, it is frequently insecure. Leading industry analyst Gartner refers to groups of individuals who collaborate together outside the corporate boundaries as “communities of trust.” According to Gartner, there is a rapidly growing need for ways to “meet the communications and security needs for the ongoing sharing of sensitive data across the Internet between multiple organizations.”
Examples of collaboration-heavy business processes that transcend corporate firewalls are: boards of directors; mergers and acquisitions; business partnerships; management consultants; outsourcing processes; joint ventures with competitors; real estate management; and life science clinical trials. This trend will continue to grow as more and more collaboration occurs among dispersed individuals located around the globe. These processes need to be secure; additionally, they can’t be impeded by an unwieldy IT security infrastructure that slows down the job that needs to be done.
Common Misconceptions about Data Security
Keeping data secure in today’s dispersed environment is a much more daunting task than it was in the past. Part of the problem is the prevalence of commonly held ideas about data security that simply are not true. Below are three of the most common misconceptions that actually impede organizations in the implementation of a truly secure solution:
Misconception #1: Data Security is IT’s Problem
Most business executives want to know that confidential documents are protected from data breaches without having to worry about the mechanism by which this is achieved.
