January 31, 2008

Symantec study reframes IT risk management

New report shows that availability maintenance and compliance concerns are now as vital to businesses' risk management efforts as the installation of security tools

Symantec's primary strategy in the enterprise may currently revolve around the notion of IT risk management, but the company's latest research finds that efforts to refine corporate process unrelated to security technology have become just as popular with customers moving to limit their exposure.

According to Symantec's annual survey of 405 businesses, the notion that technologies used to improve IT security serve as the most vital element of corporate risk management currently ranks below other priorities among customers. Respondents to the study rated IT availability management and work on specific regulatory compliance projects as comparable, and in some cases more important, to their ongoing risk mitigation efforts.

In addition, fewer businesses are utilizing a strategy that approaches IT risk as a stand-alone skill set or initiative, according to the Symantec report.

One year ago, customers participating in the study indicated that the adoption of security technologies represented the central tenet of their risk management plans. In the 2008 report, 78 percent replied that availability maintenance concerns are now as vital to their exposure mitigation efforts as the installation of security tools.

Some 70 percent of respondents replied that security projects are still a critical part of their approach. However, 53 percent of the IT-related incidents experienced by surveyed companies were tied to other issues besides problems with systems defense.

"IT risk doesn't necessarily equate to security risk. That's a big shift, and the key takeaway is that organizations are getting more mature around the portfolio of risks they have to manage," said Samir Kapuria, managing director of Advisory Services at Symantec. "In the past, people looked at one area as discrete, but now they're addressing the four pillars of compliance, security, risk, and performance availability as part of a balanced strategy."

Increasing interdependence on IT systems shared between business partners has elevated availability and performance concerns above security issues -- and businesses are more worried about causing a bottleneck in their global supply chain then they are looking to thwart attacks, the expert contends.

"IT systems availability can have a downstream impact, which has had this downward effect," Kapuria said.

Spending on compliance-oriented projects also stands as a major piece of most companies' plans, with 68 percent of those people responding stating that their employers rate those efforts as crucial to their risk management strategies.

Respondents indicated that high-level risk management projects have become less central to their IT planning, with companies favoring targeted initiatives that address individual problems or regulations.

In terms of the participants' expectations to avoid and prevent IT breakdowns, 69 percent said they believe they will encounter at least one minor incident per month, with 63 percent predicting a major IT failure at least once a year.

Some 26 percent indicated they expect a failed regulatory compliance incident at least once annually, and 25 percent said that they will experience a data loss event every 12 months.

Close

On Twitter now

Security

Powered by Twitter

On Twitter now

White Paper

D2D Virtual Tape Library Replication Primer

This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.

Download now »

White Paper

An Alternative to Virtualization for Datacenter Cost Savings

Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.

Download now »

White Paper

Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network

The emergence of WLANs has created a new breed of security threats to enterprise networks.

Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation

Download now »

White Paper

Bringing the Edge to the Data Center

Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.

Download now »

Sign up to receive Security Resource Alerts

Subscribe to the Security Central Newsletter

Stay informed of the latest security threats and fixes.

White paper

Log Management: How to Develop the Right Strategy for Business and Compliance

This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.

Download now! »

White paper

The Essential Series: Security Information Management

Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.

Download now! »

White paper

Aberdeen: Choosing and Consuming Managed Security Services

Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.

Download now! »
©1994-2009 Infoworld, Inc.