A forum has declared that automation is the only way to cut risks and achieve compliance.
At the recent Security Risk & Compliance Forum in London, organised by Skybox Security and BT, it was claimed that enterprises that do not have automated methods for finding network vulnerabilities and tracking risks are gambling with their corporate data and reputation.
Of those businesses surveyed 75 per cent reported significant growth in their networks in the past year, while 63 per cent said they used automated solutions for identifying risk and compliance issues and vulnerabilities in their network.
When asked to name the single IT risk or compliance issue that kept them awake at night, 44 per cent of the people surveyed named identity and access management, 38 per cent expressed concerns about board-level interference with security policy decisions, and 18 per cent said cutting risks of data leaks and losses was the issue that concerned them the most.
Speaking at the event, Stephen Bonner, global head of information risk management for Barclays Group, said: “Something has got to give, you have got to make sure that you are going to business but you need to find a way to stretch money, but how?
“There is a lot of movement into offshore but risk continues as part of that. Do not push third party supplies so that they fail, who has the data? Many organisations understand that, as they make sure that the risks are understood.”
He later claimed that if things do go wrong, ‘this is a great time to start again'. Bonner said: “There is a bright future, those who weather the storm will come out stronger so there is the opportunity to look at what you do and focus right.”
Ray Stanton, global head of business continuity, security and governance requirements for BT, used his presentation to show how organisations that manage risks effectively are better positioned to respond to and remedy adverse events, helping to protect their brand's reputation and control costs.
Stanton said: “It is about being agile and keeping an open mind. You do not have to update your technology but be risk and security professionals and do the right thing for the company, be risk resilient.”
Gidi Cohen, CEO and founder of Skybox Security, warned that periodic audits and checks on security systems are no longer enough to ensure effective risk mitigation and policy compliance.
Cohen said: “Every change, every update to systems affects an organisation's compliance status. Manual audits and checks take too long and can leave systems dangerously vulnerable to exploits. Automation reduces the window of exposure, and helps to ensure risks are managed and compliance is maintained.”