The introduction of the General Data Protection Regulation (GDPR) was supposed to change the game. Yet a recent study by Varonis Systems reveals that data governance may have actually gotten worse.
Paul Gillin asserts that the GDPR has not had much impact on data governance in this report from Silicon Angle:
An annual audit published by data protection vendor Varonis Systems Inc. discovered that the average large company leaves about 17% of its sensitive files open for every employee to access. More than half of the companies that were audited had more than 1,000 sensitive files in the open and about the same percentage left more than 100,000 folders with effectively no access controls.
Separately a survey of 1,365 business and information technology managers in seven countries by Splunk Inc. found that respondents estimate, on average, that 55% of their data is “dark,” or unknown, despite the fact that 81% rate data as important to their organization’s success.
The Varonis report is based upon a sampling of 785 organizations the company audited as part of its business. Varonis uses automated processes to scan file and folder permissions as well as to identify keywords that might classify a document is sensitive.
[…]
An annual audit published by data protection vendor Varonis Systems Inc. discovered that the average large company leaves about 17% of its sensitive files open for every employee to access. More than half of the companies that were audited had more than 1,000 sensitive files in the open and about the same percentage left more than 100,000 folders with effectively no access controls.
Separately a survey of 1,365 business and information technology managers in seven countries by Splunk Inc. found that respondents estimate, on average, that 55% of their data is “dark,” or unknown, despite the fact that 81% rate data as important to their organization’s success.
The Varonis report is based upon a sampling of 785 organizations the company audited as part of its business. Varonis uses automated processes to scan file and folder permissions as well as to identify keywords that might classify a document is sensitive.
