Leveraging Compliance and Audit-Focused Tools
Leveraging compliance and audit-focused tools
With this reality, how can IT security teams gain efficiencies that will allow their organizations to put more resources into general threat management? One of the greatest untapped opportunities is to better leverage compliance and audit-focused tools and their accompanying processes for general risk management. Compliance tools and processes consume significant amounts of IT security resources but, perhaps surprisingly, they are rarely leveraged beyond their original scope.
A recent online survey of IT professionals bears this out. When 5,000 IT professionals responsible for compliance and audit responsibilities were asked, "How important is it for you to leverage your compliance and audit solution investments for general risk management and internal security," 84 percent of the respondents said it was either "important" or "very important."
Unfortunately, the reality does not match the aspiration. When these same enterprise professionals were asked, "To what degree are you able to leverage your compliance and audit solution investments for general risk management and internal security," 76 percent answered, "I'm unable to" or "I'm able to but only in a limited way."
Furthermore, when survey participants were asked what was preventing them from achieving this leverage, 59 percent responded that they either "don't have enough staff" or "don't believe this can be done with current technology." A major problem reflected in this last result is that most compliance and audit control activities are labor-intensive, making them impractical to apply on a broad basis.