Data export leaves firms vulnerable, says research

The tendency of firms to distribute sensitive data to offices around the globe could be creating a new form of information vulnerability, a report has suggested.

Researched for sponsor McAfee, the 'Unsecured Economies: Protecting Vital Information' survey points to a range of security issues -- some of them tied to the worsening economy -- but the issue of how and where data such as customer information is distributed in enterprises is connected to longer-running themes such as worker outsourcing and globalisation.

[ Related: With economic slump, concerns rise over data theft | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

The 1,000 CIO-level professionals surveyed for the report in the U.S., UK, Japan, China, India, Brazil, and the Middle East, reported an average of $12 million (£8.3 million) of sensitive data resided abroad per firm, in addition to $17 million of intellectual property (IP).

How far this data dissemination trend had gone depended on country, with Japan showing the lowest at $8.2 million, with the UK the most exposed with $15.2 million. As to IP specifically, China was the most at risk, with $61 million in foreign hands.

A major reason companies have taken to moving information away from their home area is, predictably, cost. Whatever it costs to manage data at home, there is almost certainly a partner who will do the same function in another part of the world for considerably less.

The deeper motivation for moving data abroad depended on country. Western companies appear to be motivated not just by labor costs, but by the desire to avoid burdensome data regulations, while less developed nations such as China can actually move data abroad to make it more secure.

The average loss of IP from foreign sites was put at $4.6 million (£3.2 million), with the UK at low end of the spectrum with only $375,000, and China at the other end with $7.2 million.

Amidst a welter of statistics, however, three countries are clearly cited as being at the top of the watch list for posing the biggest threats to data protection -- China, Pakistan, and Russia, in roughly that order. These countries reputations for data security are so poor that many firms have purposely avoided allowing data to be stored in them.

"As China and Russia's economies soften, there will be even more pressure to 'appropriate' intellectual property as a means to continue economic growth. Organised crime and state-sponsored groups in both Russia and China will continuously seek out new and profitable targets. Pakistan looms as potentially the largest threat, with attackers motivated by ideology rather than economic gain," says the report.

Unsecured Economies: Protecting Vital Information, researched by Purdue University's Center for Education and Research in Information Assurance and Security on behalf of McAfee can be downloaded by registered users.

Techworld is an InfoWorld affiliate.