IT firms report widespread data risks
Firms are offloading data risk to IT providers, according to a new survey by data research institute Ponemon and governance software provider Aveksa
WALTHAM, MA & TRAVERSE, MI – IT providers are not being given enough information to mitigate the data risks of their clients, says a new study by data research institute Ponemon commissioned by governance software firm Aveksa.
The study, The 2008 National Survey on Access Governance, questioned 700 US IT practitioners on their information management relationships with their clients – the two largest employers being the financial services industry (21%) and government institutions (18%).
The survey says 78% of respondents thought employees are granted access to data for which they have no need, with inadequate tools in place to inform and update IT providers of employees’ specific and often evolving responsibilities.
“The IT security organisations are judged on how quickly they deliver access. There’s no automated process to engage a business unit to regularly review users’ access to different information resources. They’re using a manual approach – spreadsheets and email – and it is very inefficient,” says Brian Cleary, Aveksa’s vice-president of marketing.
IT practitioners cannot easily automate policy enforcement and require collaboration to understand what information is relevant for user access. It is not the job of a bank’s IT team to understand what information is pertinent for a retail teller’s role, says Cleary.
“They are not regulatory compliance experts. They need audit, risk and compliance to create a better collaborative framework for governing access.”
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Regulation
FCMs welcome CFTC margin rule ring-fencing clarification
Final rule on separate accounts replicates no-action relief as Republicans strip out gold plate
Stuck in the middle with EU: dealers clash over FRTB timing
Largest banks want Commission to delay implementation, but it’s not the legislator’s only option
Treasury clearing timeline ‘too aggressive’ says BofA rates head
Sifma gears up for extension talks with incoming SEC and Treasury officials
Rostin Behnam’s unfinished business
Next CFTC chair must finish the work Behnam started on crypto regulation and conflicts of interest
European Commission in ‘listening mode’ on potential FRTB changes
Delay or relief measures on the table after UK postpones start of Basel III to 2027
Australian FRTB projects slow down amid scheduling uncertainty
Market risk experts think Apra might soften NMRF regime to spur internal model adoption
EBA to address double-counting caused by new capital floor
Existing EU capital add-ons for model risk would duplicate new Basel floor on internal models
The Emir error reports that cost banks millions
Dealers lambast onerous EU requirement to notify clients of all errors and omissions
