Lack of best practices, data protection and access management were the primary IT security challenges facing respondents of a recent CATA Alliance survey.
Top five security-menace predictions for 2008
The purpose of the study by the Ottawa, Ont.-based high-tech association was to delve into Canadians’ perception of IT security, identify the foremost IT security challenges and to create awareness around the need for IT security, said CATA’s vice-president of research, Kevin Wennekes.
“Security has been an issue and accentuated after [Sept. 11, 2001] but always been in the background,” he said during a panel discussion at this week’s SecTor 2007 conference in Toronto.
The study polled 322 respondents – the majority of whom were from large enterprises – including CIOs, project managers and a variety of frontline IT security staff like network operators and systems auditors. Polling a wide range of respondents would help highlight the often varying opinions between different levels in the organization, said Wennekes.
Sixteen per cent of respondents identified the lack of IT security best practices as being the top challenge affecting their organization. Fifteen per cent of respondents cited data protection and 13 per cent cited access management challenges as their top challenges.
Not surprisingly, those top three challenge areas align with regulatory compliance issues facing businesses of all sizes, said Mark Fabro, president and CEO of Markham, Ont.-based IT security management vendor Lofty Perch Inc. “You actually see people paying attention to things in IT security space that are actually going to be important.”
Sixty-eight percent of respondents spend up to 20 per cent of each day addressing IT security challenges, and a quarter of all respondents observed this percentage of their day increasing given evolving security threats.
That increase in time spent tackling IT security issues is influencing IT spending, most notably observed in the shift in investment from point solutions to management technologies, said Brian O’Higgins, chief technology officer of Ottawa, Ont.-based intrusion detection technology vendor Third Brigade Inc. “As security gets built into people’s roles, you’ll see smarter investment.”
Security budgets have traditionally been the smallest and the first to get cut, but that’s changing as IT security professionals are shifting their mindset to adding more value to the business, said Bruce Cowper, senior program manager with Microsoft Corp. “They’re starting to want to add more impact and value to the business,” he said.
The survey also found 60 per cent of respondents believe that Canada can take a leadership role in IT security globally. Reasons behind these results included the perception that Canada is a neutral country trusted to handle sensitive security issues, and it has a host of companies and organizations that drive IT security.
Canada has always had a presence in the realm of IT security outside of the country, but that’s now becoming more evident, said O’Higgins, adding the Canadian government is renown for being a best practices leader in IT security “and that drives a lot of industry around it.”
In the area of IT security skills, about half of respondents felt that having those skills gave them a competitive advantage for promotions and jobs. This recognition of the necessity of those skills is good for the industry, said O’Higgins, especially in small companies where IT skills in general is lacking, and security skills are nearly non-existent.
Actually, this finding aligns with how organizations have moved to using cyber security as a business enabler and differentiator, observed Fabro. “That also is in alignment with how IT professionals are beginning now to allow security to become part of their personal arsenal of capability.”
Networks of interaction, like conferences and user groups, were cited as the best places to find IT security information. This finding makes sense, said Fabro, considering Canada has a tendency to create its own domains of interest, and work closely with peers within those domains
