According to a new Ponemon Institute survey, the cost of U.S. data breaches continues to rise, reaching an average cost of $7.2 million in 2010, up 7% from $6.8 million the previous year. The cost has increased every year since the first survey was released in 2006.
The two big issues driving this segment are how you protect data that you own but don't manage (for example, data in the cloud) and how you understand all the things that are connected to you (identity), says Paul Simmonds, co-founder and board member of the Jericho Forum. While there are lots of really good things happening out there in protecting data, “identity is a mess,” he adds. “Identity is what is holding us up as an industry from making good risk-based decisions. So Jericho did what it did best--ignored the technology and took it up two levels, to what is the root level, and that's the principles.”
There is a fundamental problem with the traditional approach to identity and access management (IAM), says Simmonds. “It's wrong ... you have to separate identity and access management; what sits in the middle is entitlement.”
The other problem is the belief that bigger is better. “The days of big government databases are very flawed, and the concept it's going to scale doesn't work,” Simmonds says. What is relatively simple and secure with a 50- to 100-person company doesn't work when scaled up to 20,000 or 100,000 people, he says. “You have a whole bunch of people sitting there trying to glue this together with custom glue … it's very expensive and doesn't work.”