SOX News

Leveraging Compliance-Driven Security Expenditures for Security/Risk Management Important, But Hard to Achieve Revealed by Enterprise IT Survey

(December 22, 2009) - It is shown in a recent survey that while enterprises look for leverage compliance-driven security expenditures for general security and risk management tasks, they find it difficult to accomplish with their existing solutions. The online survey of 5,000 IT professionals charged with compliance/audit responsibilities at enterprises with revenues between $200 million and $1 billion was conducted by PacketMotion, the pioneers of User Activity Management, an innovative approach to improving the operational efficiency of audit and compliance controls.

The survey revealed that enterprises highly value leveraging compliance and audit solutions for more general security requirements. When asked, “How important is it for you to leverage your compliance/audit solution investments for general risk management and internal security,” 84 percent of survey respondents said “important” or “very important.” This is consistent with the recent trend of budgets that are focused on meeting compliance regulations and internal audit control objectives. With less money available for solutions that address reduction of business risk, IT professionals are seeking to leverage their compliance and audit solutions to do more.

The survey also demonstrated how much difficulty organizations are having trying to achieve this goal. Queried as to the degree to which they are currently able to leverage their compliance/audit solution investments for general risk management and internal security, 76 percent said “in a limited way” or “unable to.” Unfortunately, most compliance solutions were designed to deliver only what auditors require, and trying to use them more broadly is usually either impractical, or requires too much staff time. This was also reflected in the survey results: 60 percent of respondents said they were unable to achieve this leverage because they either didn’t feel the solutions they had could be used this way, or because they didn’t have the staff resources.

“The results of this survey articulate a deep desire by enterprises who have already made investments in meeting compliance/audit requirements--the alphabet soup of PCI DSS, SOX, HIPAA and HITECH--to be able to use these investments for other areas of responsibility such as protecting their networks from general risk and internal threats,” explained Paul Smith, CEO at PacketMotion. “We’ve found that PacketMotion’s ability to meet that desire through a single, low-risk, operationally-efficient solution is the key reason our sales have continued to grow even in these challenging times.”

For More Information Visit - www.packetmotion.com

Share or bookmarklet this web page at: