Data privacy violations are also disturbingly high, he noted. "As we've seen in cases such as the Target hack, such violations can have devastating consequences. Risk-averse companies should explore software-guided training courses in these areas. Automated workflows can also help to streamline processes such as incident reporting, thereby increasing employee compliance."
The answer to the problem is compliance management software, which is said to reduce both conscious and unconscious violations via training modules, automated workflows and compliance surveys. Compliance management software helps normalise features to reduce the number of policies employees have to contend with, by mapping emerging requirements to existing policies and aggregating similar policies. Policies can also be mapped to controls to enhance visibility into the implementation of policies.
"Compliance management software can reduce both conscious and unconscious violations via training modules, automated workflows and compliance surveys," Harris said.
ASG Technologies' products help businesses meet the challenge of increasing compliance demands and changing regulations. Ian Rowlands, vice president of Product Marketing at ASG Technologies, says ASG's Data Intelligence product collects all the supporting information about data that makes it useful and understandable. It also allows compliance officers and their teams to locate data needed to deliver on-time answers to audit and regulatory compliance questions.
Compliance management software doesn't halt an action, though. Take, for instance, an employee sending out something that they shouldn't: Rowlands said that would be more in the realm of email filtering technologies. ASG's software maps the data estate, traces data movement and understands data transformation.
Does compliance management stop an insider threat? Rowlands said sadly it does not. Many forms of insider threat are really caused by the misapplication of proper business facilities, he said. That kind of activity is best intercepted by the use of threat analytics - for which a solid base of data intelligence is a key component. Another key issue is that most insider breaches are caused by "privileged users" - using data intelligence to document who is entitled to do what with data is another key element of protection.
ASG's content services product, Mobius, can enable a company to adhere to corporate policies, industry regulations and government mandates. Specific use cases include:
- Redaction is able to obfuscate information. Therefore the company can create internal controls to enable compliance with PCI DSS 3.0, HIPAA, HITECH, Federal Privacy Act, and prevent employees, customers and criminals from obtaining Personally Identifiable Information.
- Mobius View Records Management is able to automatically capture, classify, retain, dispose and destroy records regardless of location according to corporate policies, industry regulations and government mandates. When a legal event occurs, all required records can be put on hold to prevent manipulation or deletion.
- ViewDirect Audit and Balancing System can prevent abuse and enable compliance. For example, one Mobius customer uses the product for fraud detection, account reconciliation and financial audits.