The Ponemon Institute has published a new report that exposes the security risk of off-network data devices. The report accuses companies of having lax security when it comes to data on devices that are disconnected from the network.

The survey of 735 senior IT security professionals found that:

• 62% of respondents confirm, or are unsure, that off-network devices contain unprotected confidential or personal information
• 39% of respondents do not view the management of off-network devices as critical to security
• 70% of data breaches have resulted from the loss of off-network devices
• 30% of respondents have no way to detect the loss of data on off-network devices
• 73% of respondents experienced the loss or theft of a data-bearing machine sometime in the last 2 years

Clearly, the data indicates a counter-intuitive attitude towards off-network security. Although most data breaches can be linked to the theft or loss of data devices such as laptops or PDAs, a large proportion of companies consider off-network security a low priority.

30% of companies, as indicated above, feel unable to track data leakage in these off-network devices, pointing to the challenges posed by this area of IT security.

“Protecting data that is stored on devices outside the confines and control of the corporate network is a problem for which many companies simply do not have a solution,” said Dr. Larry Ponemon, founder and chairman of the research company bearing his name. “Our research shows that, while most companies recognize the risk off-network data poses, few seem to have a grasp on how to manage the many challenges off-network data present to maintaining a strong data security program, and many do not even have a policy to address the situation.”

You can download the report here [PDF]

Via ZeroDay Tags: off network security, security, it security, laptop security, data security, data breach, data loss, security policy