Information overload, data explosion and big data – terms we are now reading about on a daily basis. It’s no secret that the amount of information that businesses are dealing with today is huge, so huge in fact that the actual size is still difficult to grasp. But what does this mean to businesses today and should they be concerned?
Our recent State of Information survey found that an unimaginable 2.2 Zettabytes of information is stored by businesses. To try and put this in context, imagine filling the Empire State building with one page documents – 1,287 times – or getting every grain of sand in the world and multiplying the amount by 300.
And it’s continuing to skyrocket. In fact, over the next year information is expected to grow 67% for enterprises and 178% for SMEs. Yet for most businesses, storing all this data isn’t a concern anymore as it’s easy to increase storage space in the cloud. However, where businesses are still falling short is when it comes to effectively managing and securing all this data. The reality is that bad management is leading organisations either to spend far more than necessary on storing and protecting their information or, worse, to ignore the problem and do neither.
A key issue that has been identified is information sprawl – the overwhelming growth of unstructured information that is disorganised, difficult to access and often duplicated elsewhere. Companies believe that nearly half (42%) of their information is duplicated, meaning they are paying to store and manage much more information than they need to.
Information is core to businesses and it’s vital that they get up to speed and understand and classify the data that they need to hold on to so that they end up with a realistic amount to manage and secure. Not all information is equal and businesses need to separate useless data from valuable business information; making sure this is protected accordingly and any unwanted data is deleted.
Managing information well will not only improve efficiency and security but will in turn reduce costs.
How do you manage your data? Research shows that businesses produce 2.2 zettabytes of information each year. To put this into context, if this data was available as one page documents then you could fill the Empire State Building 1,287 times. Coping with such a huge amount of data doesn’t just call security processes into question but also requires organisations to put the correct procedures in place so that data can be tiered for importance and access can be regulated.
Managing data effectively is a challenge every business has to face but getting it right can pay dividends for your business so here are a few steps organisations can take towards effective data management.
Consider multiple platforms: Information is no longer within the four walls of a company. Cloud-based solutions are being used – whether officially or otherwise. This means data protection is not solely concerned with device protection but the data itself needs to be secure – encryption technology is key.
Organisations must prioritise their data: Which data would you feel comfortable giving to your competitor? Is your data suitable for the public domain? These are worthwhile considerations. The consequences of lost data may be disastrous for your organisation, so make sure you can identify and protect what matters.
Deduplication and archiving: This allows organisations to save vital storage space, to speed up network backups and to efficiently target protection on the data that matters. Frequently review the data held on your servers to understand its relevancy and conduct cleanups to remove any duplicated data. Some appliances now do this process automatically.
Value your business: Now that information forms 35% of an organisation’s value it is important that every organisation has a data policy which can be supported across physical, virtual and cloud environments. These are commonly known as data retention policies and are important for managing data across an organisation. Does your organisation have a policy in place?
Technology is constantly evolving: As the amount of data we are storing increases each day, it is critical to make sure that your data centre is prepared for the future. This means ensuring expandable storage space and up-to-date security. Be prepared by having a data plan in place ahead of time.
Organisations can no longer rely on data to run their businesses without considering its importance, security and how it should be accessed safely. We believe successful information management is critical for all as it is, now more than ever, a crucial part of running a business. We all need to put the “I” back in “IT”.
Statistics taken from Symantec’s ‘State of Information’ Report.
It seems that not a week goes by without the media reporting another instance of a data breach. More often than not it involves users’ passwords becoming compromised. Given that a password is very often the last line of defence against an intrusion into our personal data, the risk that this presents should not be underestimated.
If it’s not organisations being hacked or inadvertently giving up people’s passwords, it is individuals themselves that are at fault. It was only recently that U.S. Presidential candidate Mitt Romney had his email account breached by someone who simply guessed his favourite pet to access his account.
Hackers are always looking to develop new and innovative means of breaking into our personal data. Therefore, it is up to us as individuals to make this task as difficult as possible for them. We all ultimately have the responsibility of providing a worthwhile deterrent to those who would attempt to gain unauthorised access into our accounts, with a view to exploiting our information. At its heart, this is a battle between them and us, and it is our job to outmanoeuvre them, ensuring they do not gain access to our personal accounts.
Having a weak password is making life easy for them and essentially freeing up their time to go on intruding on many more accounts. So it’s important that we give serious thought to the passwords we use, veering away from the more obvious choices such as birthdays, pets, favourite sports teams and other topics close to our hearts. The more obscure and unrelated to us that a password is, and the more unusual, the harder it will be for a hacker to break. Combining numbers and letters provides additional complexity, as does changing the case of the characters. Avoiding writing down passwords and changing them at regular intervals will also bolster our protection from cyber criminals.
At best, a weak password is tempting fate, and at worst, it is providing a welcome sign to criminals looking for easy access into our personal information. Make sure you do all you can in protecting yourself from this threat.
It has nothing to do with the size of your inbox or shared drive or whether your competitive edge stems from a specific design blueprint or a secret ingredient. It could be that you have and need to keep reams and reams of customer information or maybe you simply have unique insight into a few key clients. It all amounts to information that defines your business. And it’s clear that companies value it – we know this from the results of Symantec’s recent State of Information survey that shows companies are spending a total of £714 billion[i] a year on storage infrastructure, security, compliance and access[ii].
In fact, the survey revealed that digital information makes up 49 percent of an organisation’s total value, so the loss of information is actually worth a lot more to a business – indeed, it would not be an exaggeration to say that you can’t really put a price on it. It is after all what keeps you in business. One IT manager at a large engineering firm said when asked about the consequences of losing the enterprise’s information: “We would have to fold our operations for at least a couple of years before we’d come back again.”
On average, the survey shows that enterprises spend £25 million on information, while SMEs spend £215,000. However, the cost per employee for SMEs is a lot higher at £2,383, versus £2,140 for enterprise. For example, a typical 50 employee small business spends £119,155 on information management, whereas a typical large enterprise with 2,500 employees would spend £5.3 million.
It’s clear the consequences of losing business information would be disastrous. Respondents in the UK highlighted the impact of data loss to their business including lost customers (48 percent), damage to reputation and brand (36 percent), increased expenses (36 percent) and decreased revenue (35 percent).
When you look at it like this, it’s money well spent.
- Storage infrastructure £201 billion*
- Security £210 billion*
- Compliance £192 billion*
- Access £76 billion*
*rounded to nearest billion, converted from US dollars using the current rate of 1.54.
It’s not just the Ukrainians and the Polish that are seeing a surge in demand as the Euro Championships take place. Here at Symantec, we have noticed some curious spikes in data usage, around the time of key games.
For instance, our data processing centres saw a 20% uplift in week on week user traffic in the hour prior to kick off in the game between England and France on June 11th. During the match this increased further, hitting a 75% uplift compared to the previous week. During that peak our bandwidth monitoring saw the equivalent of approximately 7,500 live media streams passing through our UK data centres per second.
I’ve no doubt that businesses of all types experience similar upturns in data demands during big sporting events such as the Euros, which leaves open the obvious question: how are people preparing for a whole host of sporting events that are taking place in 2012? With a summer of sport set to be watched by millions across the globe, many are sure to reference the internet consistently throughout to keep up to date with their favourite events and any key developments. The spikes we have witnessed throughout the Euros have provided a nice gentle stress test for our systems, which have coped with the increase comfortably. Other organisations should use this tournament just as we have, as a key indication of the likely impact that business is going to face.
Though it is often hard to calculate the exact amount of data expected to pass through a company’s system, recent spikes should prove very useful in informing how people should equip and prepare for the likely surge we will see over the coming two months. It would be silly to neglect this information, and be caught out when data peaks during busy periods. Being prepared to respond to these increases will ensure a seamless continuation of business, ruling out any potential losses or disruption that might occur to those that have not heeded the early warning signs.
The sports sections of newspapers are a must read for many people. Keeping up to date with the latest results is very important for some; and during major sporting events something in which almost everyone takes an interest. The internet has dramatically increased the desire for the latest news and commentary, allowing individuals unprecedented and timely access to such information wherever they are able to connect to websites.
Today’s hyper connected world presents a widely discussed concern to businesses – the challenge of maintaining business productivity as employees spend their working time reading sports pages or checking the latest scores. However, I believe a greater risk to businesses is the amount of bandwidth that may be consumed by watching live video streaming of sporting events on corporate networks, possibly by connecting personal mobile devices to a corporate network.
This may be enough to consume the entire internet connection and interfere with legitimate network activity. With a summer of sport imminent, companies need to consider just how much bandwidth may be consumed by high definition video streaming websites, and how employee behaviour may change during the event.
The provision of video streaming has changed massively over the past 4 years, so previous experience may not be comparable with what we can expect this summer. The Rugby World Cup of October and November 2011 may have less mass appeal than the forthcoming events but, as an international sporting event, may provide an indication of the demand for sports information and the use of streaming video.
The Symantec Web Security.cloud service blocks classes of websites according to the acceptable use policies of corporate customers. The logs of refused access of users attempting to visit blocked categories of web sites can be thought of as a measure of how employees in general use the internet.
The number of logged refused attempts to visit video streaming websites during the opening week of the Rugby World Cup provides some interesting clues regarding employee web usage. There is a clear periodicity with the number of blocks higher during the working week of Monday to Friday, compared to the weekends. There is also a clear peak in the number of blocked attempts to access video streaming websites on Friday 9th September, the opening match of the World Cup.
Figure 1. Relative increase in recorded web blocks for video streaming websites, 1 Sep 2011 – 16 Sep 2011.
The number of refused attempts at video streaming access on Friday, 9th September is 53% higher than on the preceding Friday. Although some of this increase may be due to single individuals repeatedly trying to access video streaming in frustration, it only takes six people watching streaming video to saturate an 8 megabit internet connection. If we consider that each user watching streamed video consumes 1.5 megabits per second of internet bandwidth, a 90 minute football match represents 1 Gigabyte of data!
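The comparison above can be reproduced from any proxy's refusal log. The following is an added example, not Symantec's code or log format: the log layout, the sample lines and the function names are constructed for illustration. It counts distinct users as well as raw blocks, so that one person retrying in frustration does not inflate the week-on-week figure, and it applies the 1.5 megabit per stream and 8 megabit link figures quoted above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. The field layout is an assumption for this example,
# not the format of any real web security product.
SAMPLE_LOG = """\
2011-09-02T12:58:10 user=u01 category=video-streaming action=blocked
2011-09-02T13:01:44 user=u02 category=video-streaming action=blocked
2011-09-02T13:05:02 user=u02 category=video-streaming action=blocked
2011-09-02T15:30:00 user=u03 category=sport action=blocked
2011-09-09T08:55:31 user=u01 category=video-streaming action=blocked
2011-09-09T08:55:40 user=u01 category=video-streaming action=blocked
2011-09-09T08:56:02 user=u01 category=video-streaming action=blocked
2011-09-09T09:10:15 user=u02 category=video-streaming action=blocked
2011-09-09T09:12:47 user=u04 category=video-streaming action=blocked
2011-09-09T09:13:05 user=u05 category=video-streaming action=allowed
2011-09-09T09:20:00 user=u03 category=sport action=blocked
garbage line without fields
"""


def parse_blocks(text):
    """Yield (day, user, category) for each refused request; skip bad lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            day = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S").date()
        except ValueError:
            continue  # malformed timestamp: not a log record
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if fields.get("action") != "blocked":
            continue  # only refusals are counted
        if "user" in fields and "category" in fields:
            yield day, fields["user"], fields["category"]


def daily_stats(text, category):
    """Return {day: (raw_block_count, distinct_user_count)} for one category."""
    raw = defaultdict(int)
    users = defaultdict(set)
    for day, user, cat in parse_blocks(text):
        if cat == category:
            raw[day] += 1
            users[day].add(user)
    return {d: (raw[d], len(users[d])) for d in raw}


def uplift(now, before):
    """Percentage change against the baseline, or None if there is no baseline."""
    if not before:
        return None
    return round(100.0 * (now - before) / before, 1)


def week_on_week(text, category, day):
    """Compare one day with the same weekday a week earlier."""
    stats = daily_stats(text, category)
    raw_now, users_now = stats.get(day, (0, 0))
    raw_prev, users_prev = stats.get(day - timedelta(days=7), (0, 0))
    return {
        "raw_uplift_pct": uplift(raw_now, raw_prev),
        "user_uplift_pct": uplift(users_now, users_prev),
        "distinct_users": users_now,
    }


def would_saturate(viewers, link_mbit=8.0, stream_mbit=1.5):
    """True if that many simultaneous streams exceed the link (defaults from the text)."""
    return viewers * stream_mbit > link_mbit
```

On the constructed sample, the raw block count for video streaming rises by two thirds week on week while the number of distinct users rises by half, which is the gap the repeated-attempts caveat describes.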
Sport related websites also show a clear increase in the number of blocks over the opening weekend of the Rugby World Cup on September 9th.
Figure 2. Relative increase in recorded web blocks for sport websites, 1 Sep 2011 – 16 Sep 2011.
Comparing the Friday to Monday period before the opening of the World Cup with the same time frame one week later, coinciding with the opening of the matches, shows a 35% increase in blocked attempts to access sport websites.
These increases in the number of attempts to access websites blocked by local acceptable web use policies show that major sporting events can provide a major distraction for employees. They could also raise the question of whether acceptable use policies are, by themselves, a deterrent to visiting non-work related websites, and whether a robust means of enforcing such policies needs to be put in place to ensure compliance.
A permanent and total ban on visiting video streaming and sport websites may not be necessary or appropriate. A partial or temporary block during major events may be all that’s required to protect networks and productivity. Employers and security officers need to be aware of the distraction of major sporting events, while keeping front of mind that it’s not just productivity that is impacted. The amount of internet bandwidth that may be consumed by employees watching sport video streams really needs to also be top of a business’ agenda as our nation enters its long anticipated summer of sport.
Our latest Symantec 2012 SMB Disaster Preparedness Survey found that SMBs are increasingly planning and implementing virtualisation, cloud computing and mobility – a strategic IT trend we typically associate with larger enterprise businesses.
It seems that SMBs are becoming more aware of the threat that a break in business could pose to the company and, as a result, are turning to new technologies to help them prepare for unforeseen circumstances which might cause disruption to their business performance.
So what are the threats that SMBs face? Well, they can be hit with any number of incidents which could disrupt operations, ranging from natural disasters like floods or fires, to common theft of or damage to computer/mobile hardware. In these circumstances, companies will find themselves desperate to resume normal operations as soon as possible to prevent loss of business, reputational harm, and pertinently, any negative impact on long term prospects.
It is also at this point that those without a plan in place, and just as importantly, concrete measures designed to mitigate any problems occurring, could find themselves in trouble. Smaller organisations simply cannot afford to experience any significant periods of downtime and so the ability to recover quickly, and return to full capacity is of paramount importance.
Cloud computing is proving particularly popular among SMBs with 40% deploying public clouds, and a similar number (43%) implementing private clouds. Over a third (35%) are taking advantage of mobile devices for business use, and 34 per cent are looking towards virtualisation.
To help you manage your best practice for disaster preparedness, we’ve pinpointed a few key recommendations that should help you to stay in control:
- Businesses should start planning now, preparing now for potential business disruption, rather than waiting and being caught unaware. Now is the time to begin evaluating which technologies would work best with your particular type of business
- Focus on implementing strategic technologies. For instance, adopt integrated cloud backup for offsite storage and disaster recovery, and automated physical to virtual (P2V) backup conversion so you can recover your physical system to a virtual machine in case of a server failure
- Ensure that information is protected by using comprehensive security and backup solutions that protect your physical, virtual and mobile systems. You may also consider backing up data saved to the cloud by working with a trusted cloud vendor to utilise the appropriate technology and expertise
- At least once per quarter you should evaluate your disaster preparedness strategy and test its effectiveness. Can you recover what you need in the timeframe you require? There’s no telling what the future holds, and it’s important to be ready for any event that can result in information loss.
When was the last time that you received an e-mail offering you a discount on pharmaceutical products? If you are using a corporate e-mail system or one of the larger Internet e-mail providers, the chances are it was a while ago. And yet until recently over 90% of e-mail sent was spam.
This is something that changed last year with spam dropping to only 75% by the end of 2011.
So where did those spammers go? Did they get an attack of social conscience? The evidence would seem to say not. We still saw an increase in the number of attacks and malware variants last year.
What seems to have changed is the mechanism that is being used to distribute spam and malicious software. There has been a rise in the use of social media to distribute these attacks as spammers exploit the web of trust that individuals have in social media. After spam awareness campaigns, we are much more likely to click on a link posted by a friend to a social network than to open an attachment in an e-mail. It was inevitable that spammers would target the greater level of trust we have in social networks but is this shift actually the sign of something greater?
Look at the way a teenager communicates. They rarely use e-mail, instead choosing to communicate through more immediate channels such as instant messaging and social networks. So are we seeing the beginning of the end for e-mail? Is the move of spammers to social media not just to exploit an easier target but a move to a new dominant communication mechanism? It’s certainly going to be interesting to watch this develop over the coming years.
Without question, the iPad has been the most disruptive piece of technology released within the last decade for businesses. The speed of its uptake has surprised everybody, and its uptake in boardrooms and amongst senior executives has dramatically changed the workplace. In business meetings and conferences across the world an exec will turn up with an iPad, which prompts others attending to feel they should have one as well, and they then take their newly acquired iPad to their next meeting, creating an unstoppable purchase cycle.
However, with the recent launch of the new iPad triggering another huge surge in sales, perhaps now is the time to stop and think about the challenges this rapid adoption brings.
Executives no longer just want an iPad as a fashion accessory. They want it to be a practical and functional device, enabling them to work on the move and share this work with colleagues and clients alike. To do this, however, the iPad must connect to corporate email and carry around potentially sensitive documents.
I have been speaking with a number of Information Security departments about the challenges that come with this trend. Many of them said they initially responded to their executives’ requests by saying that, as the iPad is not a supported platform, they simply cannot connect it to the corporate network. But this is not a popular response and they are often asked to “find a way”.
Consumerisation of tablets
This is not to undermine the great achievements of the iPad. Along with other tablets, it has undoubtedly delivered on the promise to provide a portable device which users can annotate without carrying around bulky paper, or even more bulky laptops. It has also delivered on consumerisation, a key element being that users must be self supporting which is much easier with tablets than with full desktop systems.
This is why it’s not surprising that time and time again I have the same conversation with companies around the challenges of mobile devices, mobility and ‘bring your own device’. This concern tends to be closely followed by discussions around cloud adoption, as users increasingly turn to backdoor cloud adoption, using file-sharing services to put documents on their unsupported tablet devices.
Is there a solution?
There is now a desperate need for businesses to overhaul the approach they are taking to managing corporate IT and Information Security. Instead of having a standard build and a limited set of supported platforms, we now need to look at minimum standards of connection and security controls across multiple platforms.
A primary focus of information security should be how to enable mobile devices and tablets access to the network. Combining the policy enforcement and control requirements that are required, whilst providing the usability and performance experience that attracted users to the tablet in the first place, will be a careful balancing act for Information Security departments.
The key to this is information-centric security. It is possible to enable access by developing an understanding around what information can go on a device, based upon the user, and also assessing the location and whether it is a personal or managed device. These are the first steps in protecting sensitive information from risk.
Nobody can deny that the rapid adoption of tablets has created an interesting challenge. But I believe that, with the right balance and a can-do outlook, businesses and users alike will reap the benefits that today’s devices can deliver.
Imagine walking along a street on a sunny day. You’re thirsty and, sitting on a table outside a cafe, there is an ice cold, open bottle of beer. Would you pick it up and drink it? Probably not. Most of us would resist the temptation because we don’t know where it’s been or who’s already drunk from the bottle.
Now imagine you walk into a hotel or conference centre. You’re running close to your internet usage limit on your smartphone, but you want to connect your laptop to catch up on emails or carry out some research ahead of a meeting. All is not lost, as you notice there’s a number of free and open wifi networks available. Do you connect? Why would you trust this wifi more than the bottle of beer? Do you know where it’s been and who has been using it with any more certainty?
Yet many of us still connect to wifi networks every day. We’re seemingly happy to connect to a friendly or “safe” sounding wifi network, such as a hotel or conference centre name, and work online without ensuring that our communication is protected or encrypted.
This was the exact analogy made by Paul Vissidis at a conference I attended recently. Hackers have always been known to exploit trust, and our willingness to connect to unverified wifi networks is giving them the opportunity to steal passwords and monitor people’s online activity.
Wifi is the easiest, fastest and often the cheapest way to keep ourselves online in a world where we are scared of becoming disconnected. Perhaps, because it’s impersonal and online, we simply don’t make the same connection. And everyone does it, so surely it can’t be that dangerous?
We are now demanding internet access everywhere, especially as we use mobile devices that constantly need to connect. As we pursue the anywhere, anytime, anyplace drive of cloud based services, we can only expect these threats to increase.
The solution is simple. Users need to be educated that they either mustn’t connect to these networks or ensure they are protected by connecting to a corporate VPN. By following this policy before accessing any sensitive information, browsing the network from corporate devices or checking that any web pages or applications that we access run over encrypted links, we can feel more at ease.
So next time you see a free wireless network in a hotel, coffee shop or bar, stop and think before you link.