An information security manager perspective on search

Varonis is in the business of data and information management application software and over the last few years has made a significant investment in producing surveys and briefing papers on a wide range of information management issues. The company has recently released a short but well written survey of the attitudes of the information security community to enterprise search, based on 300 responses from attendees at two information security events, one in the USA and one in the UK.Overall the level of adoption was only 30%, with a further 8% planning to make an investment in search.

The survey provides a novel security-management focus to the adoption and use of enterprise search. Nearly 70% of the respondents were concerned that users would find information that they did not have permission to see. 30% were concerned that file permissions were not adequate to support enterprise-wide search and a further 30% were not sure. I will admit to not having seen information security as a potential barrier to enterprise search adoption but the results of this survey have caused me to change my mind! Information security is rightly right at the top of IT management issues and the evidence from this survey is that security concerns could trump business advantage when it comes to considering a search investment.

When asked the reasons for not having enterprise search 28% felt it was too expensive, 15% felt it was too difficult to deploy and amazingly 15% felt that native search (surely not Windows?) was good enough. To me this seems to be quite a low level of both expectation and understanding of search in the information security community.

There is a fairly narrow focus to this survey but the initiative of Varonis in undertaking and publishing the research is most welcome because of the insights provided into search from an information security perspective

Martin White