Security practices aren't adapting to rapid changes in IT strategy
Healthcare organizations and other companies need to alter security approaches as their organizations pursue changes in IT strategies and operations, according to results of recent research.
Slightly more than half of the 500 security professionals said their organizations have altered security approaches based on changes in IT operations, such as relying on more cloud-based solutions or making wider use of mobile devices and apps.
However, the study also found that 43 percent of respondents prioritize other technology needs in their companies over security.
The Practices of Security Professionals study was conducted by CompTIA, a not-for-profit association for the technology industry.
“Far more than half of all companies have adopted cloud computing and mobile devices,” said Seth Robinson, senior director, technology analysis at CompTIA. Results of the survey “suggest that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities.”
IT security professionals face many challenges, CompTIA said in its analysis. Slightly less than half of respondents (47 percent) say there’s a belief within their organization that existing security is “good enough.” Four in 10 cite a lack of security metrics, while a slightly smaller percentage (37 percent) point to a lack of budget dedicated to security.
A majority (90 percent) of IT professionals say security is of greater importance today to their companies than it was two years ago. While some improvements in security have been noted, many companies need to improve their standing, CompTIA asserts.
“Simply placing a higher priority on security may not lead to improved measures,” Robinson said. “Companies may not fully understand the nature of modern threats. It’s incumbent on the IT pros to adequately communicate the requirements for modern security, the potential cost of weak defenses and the specific actions that should be taken.”