Protecting Confidential Data

The recent string of high-profile security breaches involving the loss of consumer information has made it clear that organizations must develop and improve policies and technologies to protect confidential data. Based on a comprehensive survey of more than 200 information security professionals, this report will help both technology users and vendors of all types understand the short- and long-term issues affecting this critical area of business and technology.

Specifically, this report addresses the following issues:

Problem definition and scope:

• How much of their organization's data do security professionals consider to be confidential?
• Where is the data housed in terms of systems (PCs? Servers? Mainframe? Storage devices?) and data management (File systems? Databases? Unstructured content?)
• Do users know how many copies of confidential data they have and where they are located?

Market dynamics and purchasing plans:

• What's driving demand for confidential data security solutions and in what time frame?
• Which areas of confidential data security will users address first?
• Which functional groups (both IT and business) are responsible for improving confidential data security?
• How are users budgeting for confidential data security expenditures?

Policies, processes, and procedures:

• Do organizations have specific confidential data security policies and procedures?
• If so, how are they defined, monitored, and enforced? If not, why not?
• How effective are these policies, processes, and procedures?
• What changes need to occur?

Technology deployment and purchasing plans:

• Which tools are currently in use?
• Which ones will be deployed within the next 12 months?
• Are there any implementation trends in specific confidential data security areas like encryption, key management, PKI, eDRM, or access controls?

Vendor-specific information:

• Which vendors or groups of vendors are most supportive in helping users secure their confidential data?

Executive Summary