Friday, 20 July 2012

It wouldn't happen in my day

A few years I drafted, but did not publish, a post under the title "Lack of professional standards endangers computer data security":

75% of UK organisations have experienced at least one data breach in the past 12 months.
An independent research report published recently by the Ponemon Institute reveals that the vast majority of organisations use live production data when testing applications. This is not surprising as it is often a necessity to ensure all production scenarios have been validated. What is more worrying is that the research suggests not much is being done to protect this business critical information.
Key points of the report were:
  • The vast majority of the root causes for a data breach are internal
  • Test environments are often less secure than production environments
  • The risk that data used for development and testing purposes will be lost or stolen is real
  • Most organisations do not have adequate security technologies in place to protect real data used in application development and testing
It seems from this pdf that not enough has changed.

No comments: