| Boston, MA - July, 2005: In the most recent market study from Delphi Group, Perot Systems’ research, consulting and conference division, 458 companies revealed how on-line content is being secured (or inadequately secured) against potential threats. The survey discovered that 41 percent of the organizations surveyed had already experienced unauthorized access to content. Further, the affected organizations had no idea of the dollar value risk of having unsecured content. The results of this research survey show that a Dynamic Information Access Control (DIAC) lifecycle approach may hold the key to not only protecting content, but maximizing the value derived from that content, in a manner that exploits the organization’s investment in technology across multiple business settings. Beginning in March 2005, Delphi Group surveyed 458 companies on the safety of their organization’s online content. Forty percent of the respondents admitted that they had no idea whether their corporate content was subject to intentional or unintentional unauthorized usage, said Carl Frappaolo, Delphi Group analyst and Consulting Practice leader. "Apparently, the flurry of news stories surrounding identity theft, lost records and lawsuits revolving around inappropriate handling of e-mail has still not been a sufficient wake up call to many corporations." Forty-one percent of respondents believed that internal, external or both (internal and external) parties had accessed content without authorization. Further, these companies recognized the "threat from within" (14%) as greater than external threats (7%) - such as hackers or crackers. These results support the findings of other classic surveys (such as the oft-cited CSI/FBI surveys) over the years. 
In total, 81% of respondents to this survey had issues around information leakage/exposure. "Those who did not have a specific incident to report recognized they ought to be concerned because they simply have no idea as to their level of exposure to this threat," explained Frappaolo. "Nor do they have confidence in their ability to prevent, detect or react to these issues." Hope, luck or ignorance of a problem cannot really be used as strategies for managing information leakage. "Clearly, there is much work to be done," said Frappaolo. Gross Lack of Appreciation of Dollar Value Risk of Unsecured Content Even greater than the lack of awareness over whether content has been accessed inappropriately, (and this threat is quite significant emphasized Frappaolo,) is the fact that the vast majority of respondents (63%) had no appreciation of the dollar value risk associated with unsecured content. Most of these organizations have no compliance mandate or other externally required spending to address this area of risk. The tendency on the part of budget holders for these organizations is typically to minimize the risk, and not spend a single dime on securing content – as it is difficult to balance Return on Investment (ROI) against the range of possibilities of zero risk to infinite risk. "Risk Management, with risk identification and quantification being the first steps to managing risk, continues to play a fairly low role in organizations from our survey respondents’ point of view, (a fact confirmed by Delphi Group’s experiences with its consulting clients), said Dan Keldsen, Delphi Group analyst and CTO. 
Another indicator of the market's general ignorance or confusion over securing online information can be seen in the fact that nearly half of survey respondents (47%) claimed they are directly addressing content security in their organization, yet, a nearly equivalent number (45%) reported that their implementation timeline for a strategy to secure business content is undermined at this time. "These seemingly diametrically opposed survey findings reflect what we see in many client organizations today," said Frappaolo, "Corporate executives are loath to admit there is no direct strategy for dealing with this issue. They like to believe that admitting content security is a potentially explosive issue means they are addressing it. While admitting there is a problem is the first step in addressing the problem, you have to go further." Adding to the confusion is the fact that there is no magic bullet or single source solution to this issue from a technology standpoint. Indeed, when asked to identify the technologies they have targeted for securing content, survey respondents provided a laundry list of options, from User Authentication to Enterprise Rights Management. " Said Frappaolo. "The only sound way to provide an intelligent approach to securing online information is through a combination of multiple point technologies, applied in a coordinated effort. The issue is- more than just security of content. What we are actually talking about is, ‘Dynamic Information Access Control (DIAC),’ a lifecycle approach to not only protecting content, but maximizing the value derived from that content, in a manner that exploits the investment in technology across multiple business settings." For additional information on Delphi Group’s recent survey on online content and information access, contact senior consultants Carl Frappaolo (cf@delphigroup.com) or Dan Keldsen (dan_keldsen@delphigroup.com) by email or by phone at +1-617-274-8444 or visit http://www.delphigroup.com Delphi Group is a Perot Systems company that has provided technology management advisory services to the Global 2000 since 1989. Through focused market research, consulting and value-driven educational programs, Delphi Group illuminates the role of technology in the digital enterprise. About Perot Systems
Perot Systems is a worldwide provider of information technology services and business solutions. Through its flexible and collaborative approach, Perot Systems integrates expertise from across the company to deliver custom solutions that enable clients to accelerate growth, streamline operations and create new levels of customer value. Headquartered in Plano, Texas, Perot Systems reported 2004 revenue of $1.8 billion. The company has more than 15,000 associates located in North America, Europe, and Asia. Additional information on Perot Systems is available at http://www.perotsystems.com. |