//
you're reading...
Cloud Computing, IT & TECHNOLOGY

Enterprise Data Breaches on the Rise Despite Infosec Policies


CSA-Logo

The results of the 2014 Protiviti IT Security and Privacy Survey reports that:code42_data_breach_rises[1]

•  77% of organizations have a password policy or standard.
•  67% of organizations have a data production and privacy policy.
•  67% of organizations have an information security policy.
•  59% of organizations have a workstation/laptop security policy.
•  59% of organizations have a user (privileged) access policy.

Based on these statistics, the enterprise organization has plenty of IT and information security policies in place, and yet, data breaches are on the rise, doubling from December of 2014 to August of 2015. Given these statistics, it seems unlikely that enterprise security policies are, in fact, keeping enterprise organizations safe.

Human users are touted as the weakest link in an information security system. Historically, IT has taken a top down approach that forced users to work within the confines of a system that didn’t take user productivity into consideration. IT and security professionals focused on creating limits to protect the network from the user, throwing up barriers in the name of network security. This impacted user productivity but was accepted as collateral damage in the fight to keep the enterprise network safe. Users were left to choose between upholding security protocols and personal productivity.

Given the choice between job security and network security, most users will choose productivity and hope for the best when it comes to protecting the network. Christian Anschuetz on the Wall Street Journal blog, CIO Journal, agrees. “Forced to choose between disruptive, apparently irrational, and easily circumvented security directives and getting their job done, employees invariably choose to be productive,” states Anschuetz.

Changing priorities
While maintaining enterprise security will always be the number one priority of information security professionals everywhere, the modern information security professional recognizes that times are changing. Network security at the expense of user productivity is counterproductive. When threatened with limitations to productivity, users have proven that they will find ways around IT and information security initiatives through shadow IT.

Progressive, security-focused organizations must consider their users when they create security policies. Backing into security policies and initiatives based on user needs allows enterprise organizations to simultaneously meet security and user-productivity demands. Rather than forcing users to work outside of their usual workflows, modern information security secures the enterprise where and how its users prefer to work, eliminating unsanctioned workarounds and shadow IT solutions. The result is greater enterprise security and happier end users.

By Rachel Holdgrafer, Content Business Strategist, Code42

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 116,997 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,132 other followers

Twitter Updates

Archives

November 2015
M T W T F S S
« Oct   Dec »
 1
2345678
9101112131415
16171819202122
23242526272829
30  
%d bloggers like this: