Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Cisco Study Highlights Common Failures of Enterprise Security Policies

    By
    Brian Prince
    -
    October 28, 2008
    Share
    Facebook
    Twitter
    Linkedin

      As actor Paul Newman’s character said in “Cool Hand Luke”: “What we’ve got here is a failure to communicate.”

      The well-known quip is relevant to IT security in many enterprises. According to a survey by InsightExpress, one of the key issues surrounding IT is that many employees simply do not understand or know the security policies their company has in place.

      The survey was sponsored by Cisco Systems and gathered responses from more than 2,000 employees and IT professionals in 10 countries. What was found was disturbing, if not startling-when asked if their companies had a security policy, there was a 20 to 30 percent gap between what IT professionals said and what other employees said. The largest gaps-31 percent-were in companies in the United States, Brazil and Italy.

      Taken at face value, what this means is that many employees are oblivious to the security policies a company has in place. Most of the time security policies were passed along to employees via e-mail; an easy way of disseminating information perhaps, but not necessarily the most effective.

      “When most employees get another announcement from IT about some policy or what have you, the typical response is to hit delete,” said Marie Hattar, vice president of Network Systems and Security Solutions at Cisco. “That kind of nonverbal mode of communication, if you are depending on that, is not a very effective way of [informing employees].”

      Though the survey did not cover whether employees who received messages about security policies face-to-face were more aware of the policies, holding office meetings gives employees a chance to ask questions and have a voice in the policy-making process.

      Beyond the communication factor, there is also a gap between IT’s perceptions of why policies are violated and employees’ true motivations. When employees were asked why they broke security policies, the most popular responses in all 10 countries were either that the policies don’t align with the realities of their job, they need access to applications not included in the policy, or both.

      When IT pros were asked why employees violated policy, the most popular answers were variations on the theme of apathy and a lack of awareness.

      Here, the problem is most likely related to a lack of understanding on the part of IT pros about how employees use technology to do their jobs. The end result is “greynets.”

      “I think generally there is sort of this tremendous growth in user-driven adoption of collaborative application, Web-enabled technology,” said David Goddard, vice president of Security Assurance at Cisco. “There are many examples of that, from initial adoption of instant messaging tools to wikis … if IT is communicating a policy that isn’t agile enough to stay current, or at least be able to communicate the risk associated with those technologies if they’re not IT supported or approved, the users will say, ‘Look you’re constraining my ability to drive towards productivity.'”

      Addressing this issue means the authors of security policy need to understand the realities of the business, and look at security as an enabler of business processes rather than a digital stop sign.

      Brian Prince

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×