In an effort to get ahead of potential security threats, are IT departments taking their eyes off the data?

That’s the question examined by two new studies—one by Forrester Consulting on behalf of Varonis Systems, and the other from 451 Research for the security firm Thales.

The Data Security Money Pit, the Forrester and Varonis report [PDF] based on responses from 150 security decision makers, notes that 93 percent of respondents said they faced major technical challenges in protecting their data. But just 38 percent of respondents knew where their most sensitive structured data was located.

“Despite claims of high maturity, an overwhelming majority of companies face technical and organizational challenges with data security, are focused on threats rather than their data, and do not have a good handle on understanding and controlling sensitive data,” according to the report’s executive summary.

Meanwhile, the 2017 Thales Data Threat Report suggests that the sheer amount of data being created and the number of people who need to access it pose complex problems.

“The list of people with legitimate access to our data has grown—no longer just employees, but as we have embraced the modern extended enterprise, our resources must now be made available to partners, suppliers and contractors, and potentially our customers,” the report states.

The study of 1,400 vendors presents a slightly better picture than in the Varonis report: 57 percent of respondents reported that they had “complete knowledge” of where their data was, an increase from 43 percent the previous year.

At the same time, 26 percent of organizations reported a breach last year, compared with 22 percent the year prior. And nearly 90 percent of respondents said that they felt at least some vulnerability to data security threats.

Nearly three-quarters of respondents (73 percent) said they were spending more money to protect sensitive data. But while spending is increasing, the threat is becoming more sophisticated. The report argues that “the misalignment between current threats and the appropriate defenses needed to truly protect an organization’s assets from compromise” is a significant issue.

(iStock/Thinkstock)