Corporate IT teams are not well prepared to face a security and compliance audit. In fact, nearly half said they would just as soon have a root canal, work over a holiday, live without electricity for a week, or even eat a live jellyfish than go through an IT audit.
A recent survey by IT solutions firm Ipswitch says nearly 60 percent of 313 IT professionals in the United States said they have little confidence in their readiness to withstand the rigors of an audit of the IT system’s security and compliance. Three-fourths said they are not confident that colleagues who work with sensitive information are taking adequate measures to protect it.
“This was shocking to us,” says Paul Castiglione, senior manager of product marketing at Ipswitch. “We were totally surprised by the results.” Companies talk about the importance of compliance within their IT systems and recognize the value of well-managed transfers of information, he says. So the overall lack of confidence in the ability to pass an audit were disturbing, he says.
“It’s tempting to think there’s a magic formula, that technology can solve any problem completely,” Castiglione says. “This suggests maybe awareness is growing that that’s not the case.” Adoption of technology must be accompanied by a healthy dose of training and education, he says, to more effectively address security and compliance concerns.
The survey revealed 34 percent of IT professionals rank data loss prevention as the most important security measure organizations should take, followed by 24 percent who said the most important measure is security policies. Another 18 percent said data encryption, followed by 18 percent for tracking and reporting, and 6 percent for identity management.
A little more than half of IT professionals said the most expensive part of an IT compliance audit is allocation of IT resources to the audit process. Another 18 percent said the most disruptive aspect of an IT compliance audit is the critical project delays that result from work being delayed by audit activities; 13 percent said the most disruptive or costliest aspect of the audit is simply the emotion strain and stress.