Who Will Protect Your Data?
Managing the continued increase in data is a major issue for organisations. IDC predicts that we stored 1.8 zetabytes of information in 2011 (1.8 x 1021 bytes), and that this will increase to 7.9 zetabytes stored by 2015 .
Figure 1. Graph of data being stored worldwide .
At the same time, the value of data is also growing. The annual Cost of a Data Breach study by the Ponemon Institute, shows a clear year on year increase in the costs incurred per data record compromised when data is lost or stolen. 
Figure 2. Graph of total costs incurred per data record breached .
Other factors may dramatically increase the cost of dealing with lost data; proposed EU legislation will fine companies up to 5% of turnover for contravening data protection laws . Therefore, in the environment in which we operate, more and more information is being created, this information is increasingly valuable, and we will risk major fines if part of this growing mountain of data is compromised.
Hence, the profession of information security which seeks to secure this data, the systems in which it resides, and the networks upon which it travels, against disclosure or loss while ensuring that this data is available when required to authorised users. It is relief to know that the number of people working in information security worldwide is growing at about 11% per year, with in excess of 700,000 working in the domain in the EMEA region .
However, there are 20.8 million registered companies in the EU alone . If we assume that the 700 000 information security workers all work in the EU, which is certainly an over estimation, this implies that there is a single information security worker for every 34 companies.
The average number of employees per company across organisations of all sizes within Europe is only 4 people . Therefore we can assume that there will be an unequal distribution of these relatively rare information security employees. We can envisage that large companies will have teams of employees dedicated to protecting valuable data, while it is unimaginable that the ‘average’ company will dedicate one quarter of their workforce to information security. So who will protect the data of small businesses?
The security of data is one of the factors driving the uptake of cloud services. By pooling data from many companies within a cloud environment, the costs of securing this data can be shared across a large number of companies. In this way a small number of information security workers can ensure that the data of a large number of companies is secure against attack or loss.
Customers of cloud services need to ensure that data protection and security is specified in their service level agreement with the cloud provider. Equally, the end customer will have to consider how their data is used and accessed within their local network, but when it comes to large amounts of data, keeping it in the cloud is probably the safest option.
1. The 2011 Digital Universe Study: Extracting Value from Chaos. IDC.
2. 2010 Cost of a Data Breach. Ponemon Institute.
3. Data breach law: Companies facing fines of five per cent of turnover. Silicon.com.
4. The 2011 (ISC)2 Global Information Security Workforce Study. ISC2
5. Are EU SMEs recovering from the crisis? Annual Report on EU Small and Medium sized Enterprises 2010/2011. European Commission - DG Enterprise.