Companies lag in managing threats to development environments

Most IT practitioners don't think their company has adequate policies to manage threats to data in development environments, according to a new survey by the Ponemon Institute.

Seventy-five percent of the organizations surveyed use one to 50 terabytes of data in development environments. These companies report running full lists through development systems rather than random samples, according to Ponemon.

"Over decades in security research, I have seen the real effort put into the production environment, not development and testing,"  Larry Ponemon, chairman and founder of the Ponemon Institute, told InternetNews.com. "Wherever the criminal or a company's competitor gets the data, it's still a real problem," he added.

U.S. companies are feeling the heat from potential threats from all sources. Only 18 percent of U.S. companies reported not suffering a data breach during the past year, the survey found. Most cited insiders or third-party outsourcers for breaches, not hack attackers.

It's possible that data losses occur because companies do not have a specific point person responsible for defending the development environment. The lines of authority are murky. According to InternetNews.com, 20 percent said that developers or business units were responsible, while nearly 40 percent said IT was responsible for the data. Who's in charge? Possibly nobody.

For more on development environment risks:
- check out this InternetNews.com article

Related Articles:
Firms delinquent on patching holes
Data exposed on NYSE server
Twitter becomes a security risk
Survey: employees ignore data security