Corporate information stored on file servers and network-attached storage (NAS) devices is in danger of compromise because IT governance policies and access rules in many companies are incapable of dealing with a massive growth of unstructured data, according to a Ponemon Institute report issued Tuesday.

A Ponemon survey of 870 IT professionals found that only 23% believe unstructured data stored by their companies is properly secured and protected.

A wide majority - 84% -- of respondents said that too many workers at their companies can access critical corporate unstructured data. About 76% said their companies have no process in place to control which employees can access specific unstructured data. Such unchecked access could expose internal security gaps and increase the potential for misuse of data, the study notes.

Varonis Systems, a maker of data governance software, funded the survey.

Larry Ponemon, chairman of the Traverse City, Mich.-based research firm, noted that IT managers say that it's difficult to find automated access control processes that can determine the importance of information the moment it's created.

About 61% of respondents said they cannot keep track of which users access specific unstructured data, and 91% said their organizations lack the ability to determine data ownership because of faulty governance policies and a lack of available storage tools that can remedy the problem.

While IT managers continue to spend significant sums of money on storage technology to hold rapidly increasing amounts of structured data, many admit that the complexity of unstructured data still makes it difficult to secure it, said Larry Ponemon, chairman of the Traverse City, Mich.-based research firm.

"What we find is not that they won't spend money on it, but they really don't know how to [resolve the issue] because of the complexity; it's a knowledge issue," said Ponemon.

The respondents said that without adequate controls for unstructured data, the top potential problems are insider negligence and deliberate misuse or theft of information from within an organization.

For the study, Ponemon defined unstructured data as electronic information residing on file servers and NAS devices that is not stored in a database or in a document/content management system. He said it can include: e-mail, instant messages, Microsoft Word documents; PowerPoint files; electronic spreadsheets; and source code.

For more enterprise computing news, visit For more gaming news, visit GamePro. http://www.gamepro.com/ Story copyright GamePro Media."http://www.computerworld.com/">Computerworld. Story copyright Computerworld, Inc.