Regulations dominate security

Now the top driver for IT security strategies

Compliance with regulations is now the top driver for IT security strategies, according to a report published last week by services provider Ernst & Young. However, this focus could prevent IT chiefs from focusing on strategic business issues.

Almost two-thirds of the 1,300 IT chiefs questioned cited regulatory compliance as a key security driver for the last year and for the coming 12 months, according to the latest Global Information Security Survey. In contrast, under a third of respondents predicted that worms and viruses would be a key driver for security strategy over the next year, down from 53 percent in last year's survey results.

Antony Smyth, information security partner at Ernst & Young, said that this was the first time in 12 years that regulation had emerged as the top priority.

"But people need to leverage this focus to do more than the current bread and butter stuff," Smyth said. "It's predominantly focused on financial reporting but it should be used for more strategic business activities, like Lloyds TSB's two-factor authentication project."

Many firms do not do enough to manage risk in supplier relationships, the report reveals.

Smyth said outsourcers' procedures for handling data deserve more attention. Twenty-one percent of respondents said they did not have measures to assess the risks posed by vendors, and a further third only had informal procedures.

Mobile computing, removable media and wireless networks were identified as the new technologies posing the biggest security threats to firms, partly fuelled by the growth in smarter devices, according to Smyth. "Many firms disable USB ports to reduce risk, while some call centres in India don't let employees bring in iPods, to stop data theft," he added.