The majority of businesses (59 percent) are not fully prepared to undergo an audit, and a whopping 75 percent lack confidence that colleagues authorized to work with sensitive information are adequately protecting it, according to results of an Ipswitch survey.
The survey, which polled 313 IT professionals in United States, also found more than one-third of IT professionals (34 percent) believe data loss prevention is the most important security measure for their organization followed by security policies (24 percent); data encryption (18 percent); tracking and reporting (18 percent), and identity management (6 percent).
"While IT teams are charged with keeping business processes smooth and secure, they have limited control over file movements across an organization and insight into operations. Employees are introducing more applications and devices onto the business network and disregarding IT policy, even if inadvertently," Paul Castiglione, senior manager of product marketing at Ipswitch, told eWEEK. "With growing demand for data movement and simplified business processes, as well as increased regulations, IT is forced to choose between risk and other critical projects when managing processes manually."
Castiglione added that automated managed file transfer systems remove this burden, and allow IT to focus on the core objectives of the business and remain compliant.
"When faced with limited resources, IT teams must regain control of the company network by integrating IT and security systems, and preparing for compliance audits with centralized audit logs and reports for file transmission," he explained. "IT pros should make sure that external users are not granted access to trusted networks and ensure that all files sent are the same as ones received."
When asked what they would be willing to do instead of a compliance audit, nearly half of all respondents (46 percent) would either undergo a root canal procedure, work over the holidays, live without electricity for a week or eat a live jellyfish.
"Security has never been an IT-specific issue. It encompasses technology, processes and people," Castiglione said. "It’s clear that malicious, and seemingly well-funded, third-party agents will continue to attack to acquire sensitive and private data stewarded by corporations and governmental agencies. Traditional techniques like phishing, stolen credentials and malware will continue to prevail so it’s critical to ensure basic protections are in place against those forms of attack. In the near future, IT will have the capability to stop threats rather than reacting to their consequences."