Mike Lennon of SecurityWeek has a good writeup on a new survey which reveals that the biggest challenges to data and application security in the enterprise are related to budgets and organizational management.
The study, titled Managing Information in Insecure Times, was conducted by the Oracle Applications Users Group, Application Security, Inc. and Unisphere Research.
The data comprises poll responses from 430 Oracle Applications Users Group members. More than half of the respondents indicated that budgets posed the greatest challenge to improving overall security.
One poll participant is quoted as saying, “in times of economic stress, performance and security go out of the door and are the ones to get cut first.”
More than one in four of those queried in the study pointed to a disconnect between the IT department and executive level management as an issue, echoing concerns that have been at the center of many conversations in the information security field.
The study also notes that a failure by management to understand the nature and immediacy of threats posed a significant obstacle to proactive mitigation efforts, with about one third of those surveyed citing this as an issue.
Another poll respondent is quoted as saying, “first of all, management should try to understand the security threat and its impact to business. Then, management needs to align the system to business needs and requirements, as well as practically decide for the budget, which should include funds for security re-engineering.”
Other high points of the study outlined in Lennon's piece include:
- 91% are unsure of the costs associated with data breaches
- 48% declared that human error is the greatest challenge to information security, followed by a tie for second place (30%) between insider threats and accidental loss of storage media devices
- 14% of respondents are deploying databases in the cloud
- 53% stated that budget was the greatest impediment holding back information security efforts, while 33% claimed a lack of understanding of the threats
- 43% believe that they will see a better alignment between business, IT security, and IT operations because of compliance, while 38% anticipate improved accuracy and security of their organization’s financial reporting data
- SOX, HIPAA, and PCI-DSS, in that order, are the key compliance initiatives being addressed by respondents
- 78% conduct periodic compliance audits
- 55% monitor production databases for security issues, with 31% taking advantage of automated tools
Lennon's article, which also examines some of the more proactive and creative strategies some companies are using to improve security efforts, can be found here: