A survey of high-risk organisations has found that more than three quarters fail to perform quarterly security and compliance training.
According to a survey by enterprise key and certificate management solutions provider Venafi and IT security research provider Echelon One, 77 per cent of respondents failed to perform quarterly security and compliance training while 64 per cent failed to encrypt all of its data in the cloud. However 90 per cent did use encryption throughout the organisation.
The survey of 420 enterprises and government agencies also found that almost 100 per cent of respondents had some degree of unquantified or unmanaged risk. When asked if their organisations encrypted data stored in public clouds such as Google Apps, Salesforce.com and Dropbox, 40 per cent said they did not know.
When asked how often critical encryption assets such as SSH keys were rotated, 41 per cent said that they did not know and when asked if their organisations were using encryption keys and certificates for data security and system authentication, 10 per cent said they were not.
Jeff Hudson, CEO of Venafi, said: “If this assessment demonstrates anything, it's that IT and security departments have got to gain greater visibility over all of their security and compliance activities and take steps to better understand and manage them.”
Bob West, founder and CEO of Echelon One, said: “The assessment findings were startling. We suspected we would find that many organisations were challenged, but we had no idea that failure rates would run this high.
“The good news is that with this information and self assessment, organisations can see where they rank in comparison to peers, determine where weaknesses exist and identify steps they can take to significantly reduce security and compliance risks by leveraging automated processes and multi-layered data security strategies, including managed encryption.”