This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Claims made that automation is the best way to cut risk and become compliant

Share this article:

A forum has declared that automation is the only way to cut risks and achieve compliance.

At the recent Security Risk & Compliance Forum in London, organised by Skybox Security and BT, it was claimed that enterprises that do not have automated methods for finding network vulnerabilities and tracking risks are gambling with their corporate data and reputation.

Of those businesses surveyed 75 per cent reported significant growth in their networks in the past year, while 63 per cent said they used automated solutions for identifying risk and compliance issues and vulnerabilities in their network.

When asked to name the single IT risk or compliance issue that kept them awake at night, 44 per cent of the people surveyed named identity and access management, 38 per cent expressed concerns about board-level interference with security policy decisions, and 18 per cent said cutting risks of data leaks and losses was the issue that concerned them the most.

Speaking at the event, Stephen Bonner, global head of information risk management for Barclays Group, said: “Something has got to give, you have got to make sure that you are going to business but you need to find a way to stretch money, but how?

“There is a lot of movement into offshore but risk continues as part of that. Do not push third party supplies so that they fail, who has the data? Many organisations understand that, as they make sure that the risks are understood.”

He later claimed that if things do go wrong, ‘this is a great time to start again'. Bonner said: “There is a bright future, those who weather the storm will come out stronger so there is the opportunity to look at what you do and focus right.”

Ray Stanton, global head of business continuity, security and governance requirements for BT, used his presentation to show how organisations that manage risks effectively are better positioned to respond to and remedy adverse events, helping to protect their brand's reputation and control costs.

Stanton said: “It is about being agile and keeping an open mind. You do not have to update your technology but be risk and security professionals and do the right thing for the company, be risk resilient.”

Gidi Cohen, CEO and founder of Skybox Security, warned that periodic audits and checks on security systems are no longer enough to ensure effective risk mitigation and policy compliance.

Cohen said: “Every change, every update to systems affects an organisation's compliance status. Manual audits and checks take too long and can leave systems dangerously vulnerable to exploits. Automation reduces the window of exposure, and helps to ensure risks are managed and compliance is maintained.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

CISOs offered new way to secure Android devices

CISOs offered new way to secure Android devices

US and German researchers have come up with a novel way to secure the notoriously flaw-ridden Android - a framework that allows corporate and other users to rapidly add security ...

Rogue UK and US spies 'help safeguard Tor network'

Rogue UK and US spies 'help safeguard Tor ...

Extremists and paedophiles protected by 'white hat' hackers in GCHQ and NSA, says unconfirmed BBC report.

Cyber Security Challenge joins with GCHQ for security development programme

Cyber Security Challenge joins with GCHQ for security ...

The Cyber Security Challenge is linking with GCHQ to develop counter-espionage and cyber security skills for the real world.