"Data governance and security aren't sexy topics, but they're incredibly important to the sustained success of every company. Not just the growing returns, but the very lifeblood, of a business can be at stake if information isn't effectively protected and vulnerabilities are allowed to linger. Of course, few organizations will admit up front that their governance and security policies aren't 100 percent effective, let alone mostly lousy. However, a new survey recently highlighted the not insignificant percentage of enterprises that are struggling with the complexities of security and compliance.
The Confounding Complexities
The survey, conducted by Ovum, compiled responses from 450 chief information officers, chief information security officers and chief risk officers who work for organizations in the North American, EMEA and Asia-Pacific markets. The results weren't exactly pretty, with organizational readiness, strategy integration and infrastructure consistency all exhibiting problems.
23 percent of respondents stated that their organizations had recently failed a security audit
17 percent admitted that they didn't know, or didn't think they could pass a compliance audit, were it conducted today
71 percent are experiencing problems integrating their data security and governance policies into their organizations
56 percent stated that integration infrastructure remains fragmented
89 percent said encryption of data at rest was a major issue
86 percent are having problems defining and implementing security practices
78 percent stated that identity and access management are significant concerns
Adding to many organizations' problem is the growth of data and its resulting complexity. Plus, regulatory and industry measures for data compliance continue to become stricter, with more drastic penalties for those unable to adopt and integrate all standards effectively. Ovum senior analyst Sau'‹rabh Sharma observed that traditional modes of overseeing these crucial areas are largely ineffective for dealing with the challenges of today.
""As the volume and speed of business continues to grow, organizations face greater risk of exposing sensitive data,"" stated Sharma. ""Moreover, stringent regulatory mandates call for transparent audit trails and a high level of visibility into and control over the flow of sensitive data. Therefore, enterprises can no longer afford to implement infrastructure and governance solutions in isolation,""
Business Continuity and Disaster Recovery Remedies
Ultimately, many organizations are able to get by with the systems they have in place - most organizations, in fact. Some will never have to deal with the fallout from a data breach or a severe event impacting the integrity of their storage systems, clouds and networks. This can lead to complacency in the development, implementation and continuous maintenance of business continuity and disaster recovery plans.
Business continuity and disaster recovery go hand-in-hand with the integration of data security and governance practices into overall enterprise operations. Ultimately, it's a combination of people, process and policy factors that enable information protection and regulatory strategies to sink or swim, and it's these very same components that contribute to the effectiveness of continuity and contingency efforts. Forbes contributor Divya Rathi recently described business continuity and disaster recovery efforts in terms of a ""wellness program,"" in which all the different components - data centers, infrastructure, applications, data, users, etc. - function as part of living ecosystem that needs to be given regular checkups. Issues must be caught before they metastasize. Regular system tests and treatments - as well as security management programs that adopt an effort to focus on overall system health - are essential to avoiding huge, unexpected issues. Obviously, not everything can be foreseen, but it's much easier to recover when there's an established system in place.
Many of the top issues discussed in the survey stem from a lack of visibility into the organization, which in turn comes from an inability to integrate. Whether organizations need to invest in managed services or aggressively treat vulnerable areas in their systems, it's important to ensure that nearly one-quarter of businesses aren't failing to meet basic security measures."