Q&A: Protecting your information assets

July 18th, 2012 | by Aaron Tan
Q&A: Protecting your information assets

(image courtesy of wordle)

Nearly all businesses rely on information to be competitive and efficient, but just how much do companies spend on protecting the information they own?

According to a recent Symantec “state-of-information” survey, corporate information is costing businesses worldwide US$1.1 trillion each year.

SMBs are also spending more per employee at US$3,670, as opposed to US$3,297 among enterprises. The survey received 4,506 responses in 38 countries, including 200 responses from Singapore.

In Singapore, the importance of information to businesses cannot be understated. The survey found that 50 percent of the worth of organisations in Singapore is derived from the information they own.

Despite this, measures to protect corporate information have fallen short. Last year, 81 percent of businesses here lost information due to human errors, hardware failures, security breaches, as well as lost and stolen devices.

In addition, 84 percent have had confidential information exposed outside of the company, and 53 percent have experienced compliance failures related to information.

In the latest edition of our Q&A series, we spoke with Ronnie Ng, director of systems engineering at Symantec Singapore, to suss out the reasons for these startling numbers.

1. A typical 50-employee small business spends US$183,500 on information management. What does this entail? Does this include the entire information management lifecycle, from information creation and access to storage, organisation and archival?

To understand the factors contributing to businesses’ expenditure on information, we must first understand the volume of information a typical organisation possesses. In Symantec’s 2012 State of Information Survey, the SMB has 563TB of data across all stores and devices, whereas the average enterprise has about 100,000TB. What’s more, data stores are expected to continue to grow globally by 67 percent over the next year for enterprises, and by 178 percent for SMBs.

Consequently, managing all this information is a major expense for organisations. Globally, SMBs on average spend US$332,000 on managing information, while enterprises spend an average of US$38 million. Interestingly, per employee spending on information is higher for SMBs globally (US$3,670) than for enterprises (US$3,297).

The likely reason for this is economies of scale. For example, an SMB with 50 employees might spend US$183,500 on business information and an enterprise with 2,500 employees might spend US$8.2 million on business information.

To put the volume of information and the spending on information management in perspective, by extrapolating the numbers to the entire world, organisations globally spend US$1.1 trillion on managing their information. This is taking into account that the combined amount of information for all businesses worldwide stands at 2.2 zettabytes. Deep-diving into the figure on a global scale, the factors contributing to an organisation’s whopping expenditure are led mainly by:

– Accessing the vast amount of information in the networks (US$117 billion)
– Storing information in IT resources such as data centres, desktop PCs, laptops, smartphones, tablets, backup systems and archives (US$309 billion)
– Securing data by adopting security strategies and solutions within the organisation (US$324 billion)
– Compliance management issues (US$295 billion)

2. The proportion of Singapore companies that have lost data due to hardware failures and human errors is startling. Is this number higher than the global average?

Yes – Last year, 69 percent of global businesses experienced some form of information loss. In comparison, four out of five Singapore businesses (81 percent) have lost important information in the past 12 months, due to causes including human error, hardware failure, software failure and lost or stolen mobile devices. In addition, more than four-fifths (84 percent) have experienced exposure of important confidential information outside the organisation and half (53 percent) have had regulatory compliance issues in the past year.

Translating these into business impacts, when local respondents were asked what would happen if their organisation’s information was irrevocably lost with no chance of recovery, their responses included:

– Damage to the brand (45 percent)
– Lost customers (42 percent)
– Decreased revenue (42 percent)
– Increased expenses (38 percent)

3. What might be the possible reasons for this figure? Is it due to the lack of understanding of the need to protect their data, lack of resources, or poor understanding of security?

One of the possible reasons contributing to this is that organisations in Singapore may lack visibility and control of their information, which could lead to high volumes of duplicate information being stored. In fact, Singapore respondents on average estimate that as much as 38 percent of their information is duplicated data.

Another challenge is that organisations have fairly low storage utilisation rates – 24 percent inside the firewall and even lower (17 percent) outside. These inefficiencies result in businesses spending more than necessary on storing and protecting their information.

Lack of understanding on the importance of backup also plays a critical role here – many companies think implementing backup is insurance until it is too late, and often do not adopt best practices in data protection.

With so much at stake, information protection should be a top priority but Singapore businesses are still struggling. Fortunately, organisations can address these challenges by taking steps to build an information-centric IT model.

Symantec suggests the following five-prong approach:

Focus on the information: With the BYOD (bring your own device) trend and cloud computing, information is no longer confined within the walls of a company. Protection must focus on the information, not the device or data centre.

Not all information is equal: Business must be able to separate useless data from valuable business information and protect it accordingly.

Be efficient: Deduplication and archiving help companies protect more, but store less to keep pace with exponential data growth.

Consistency is key: It is important to set consistent policies for information that can be enforced consistently wherever it’s located – physical, virtual and cloud environments.

Stay agile: Plan for your future information needs by implementing a flexible infrastructure to support continued growth.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.