THE NEED FOR BEST PRACTICES KNOWLEDGE WAS IDENTIFIED by 16 per cent of respondents as the top IT security challenge affecting organizations today, according to a recent survey of 322 IT security professionals, undertaken by the Canadian Advanced Technology Alliance in partnership with Microsoft. Coming in a close second was data protection, cited by 15 per cent of respondents, followed by access management, cited by 13 per cent.
“The lack of best practices being one of the primary challenges was certainly one we weren’t anticipating when we started this study,” said Kevin Wennekes, CATA’s vice-president of research. “We knew it would be an issue, but for it to be identified at the top as an overarching challenge came as a bit of a surprise to us.”
Also surprised was Francis Ho, executive officer at the Federation of Security Professionals in Toronto, who expected both data protection and access management concerns to rank higher than best practices.
“It’s certainly a surprising result because there’s so much information out there, with a lot of good server hardening guides to be found all over the Internet,” Ho said. “Data protection is one that should definitely be high on the list as everybody is concerned about information leaving the organization today. In the old days, everything used to be paper-based but now you can make a copy of a file and port it off to your iPod Nano without a trace.”
Another finding indicated that IT security professionals believe that their organizations don’t put enough emphasis on IT security challenges and often react after the problem arrives on their doorstep.
“I see a lot of basic processes like simple hardening of servers that still isn’t being done as the norm, so while some organizations get it, many others don’t,” Ho said. “Larger organizations tend to understand security better and it also depends on the industry.”
To address these issues, CATA recommended that the industry develop industry-wide best practices, establish a research series of IT security professional perspectives reports, undertake a study to determine the value of an IT security skills set, and work to define Canada’s global IT security brand.