Spreadsheets seen as security hole

01.09.2006
In the wake of multiple high-profile laptop thefts and data breaches, some IT shops are launching new initiatives to ensure that sensitive corporate data stored in spreadsheets and business intelligence tools remains secure.

The security efforts are taking on a new urgency as more workers gain access to BI tools and spreadsheets used for BI functions.

Several recent incidents -- including the inadvertent exposure of sensitive data for about 5,000 customers by Verizon Wireless that was disclosed last week, and the theft of a laptop from the U.S. Department of Veterans Affairs that contained personal information from some 26 million veterans -- involved unsecured spreadsheets.

Users and analysts said that spreadsheets are often the most common method used to analyze corporate data and are increasingly used as a front-end to more advanced BI systems. However, in most cases the ubiquitous application and the more traditional BI tools have not yet received the same security scrutiny as transactional systems and Web applications, they said.

Mayur Raichura, director of information services at The Long & Foster Cos., met last week with various executives, including the company's chief financial officer and controller, to kick off an IT security initiative that will place a heavy emphasis on securing BI data.

"There is a tremendous amount of BI data that seems to be in the hands of a lot more employees than [there was] five years ago," Raichura said. "The average user outside of IT doesn't have a clear understanding of the implications of what they do in terms of downloading data."