Over the past few months we have been collecting surveys, usually given to CIO’s, IT managers, and engineers, gauging their views on security and compliance issues within their companies. We gathered responses (over 125) from the U.S. and through the European Network Instruments office and found some interesting things along the way:
- Only around 16% of respondents felt their current network tools were good enough to ensure compliance with government regulations, including SOX, HIPAA, or Basel II. 47% weren’t confident in the ability of their tools to ensure compliance, while an additional 37% were unsure.
- 40% of respondents felt they needed to improve their ability to track network security breaches. This compared to 12% who thought they were well prepared to track a security breach.
- Nearly 30% of respondents felt they lacked the ability to enforce internal HR acceptable use policies on the network, while 49% thought they were well prepared or satisfied with their ability to monitor prohibited network use.
- To provide a little context on the companies responding, 46% had 2000 or more network users, 39% had between 100 and 1,999 users, and 15% had fewer than 100 users on their network.
The most interesting results, I thought, were in the area of compliance. With so many new regulations, it’s difficult for the CIO, much less the IT engineer, to keep track of them, figure out the implications for their network, and sort through the clutter of vendor advertising to find a solution. The large number of people who were unsure of their ability to enforce compliance with these regulations could be an indication of the confusion that is out there and created by mix of vague laws and exaggerated claims by vendors.
Let me know what you think. Thoughts or stories about the compliance or security problems you tackle would be great.
digg
del.icio.us 
technorati
August 24, 2007 at 1:31 am |
[...] A recent blog post highlighted security and compliance issues: [...]